Bug 102152 - ps aux|md5sum; ps alx|md5sum does not have very much entropy
ps aux|md5sum; ps alx|md5sum does not have very much entropy
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: redhat-config-network (Show other bugs)
1.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-08-11 16:19 EDT by Pekka Pietikäinen
Modified: 2007-04-18 12:56 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-10-27 08:12:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Pekka Pietikäinen 2003-08-11 16:19:46 EDT
Description of problem:

From editipsec.py:

  def on_generateAHKeyButton_clicked(self, *args):
        command = '/bin/sh'
        (status , key ) = gtkExecWithCaptureStatus(command = command,
                                                   argv = [command, '-c',
                                                           '(ps aux|md5sum;ps
alx|md5sum) | tr -cd 0-9 2>/dev/null'])

is not even close to being random enough for generating cryptographic keys.

Please use something like

dd if=/dev/random count=16 bs=1| xxd -ps 

which should generate a nice random (tm) 128-bit key in hex, which the ipsec 
code should handle if a 0x is added to the beginning.

Or even better, some native python with the same effect :-)

The CIPE config part does something similar.
Comment 1 Harald Hoyer 2003-09-01 10:10:33 EDT
yep, thx for the hint..

Note You need to log in before you can comment on or make changes to this bug.