Bug 102152 - ps aux|md5sum; ps alx|md5sum does not have very much entropy
Summary: ps aux|md5sum; ps alx|md5sum does not have very much entropy
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: redhat-config-network   
(Show other bugs)
Version: 1.0
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-08-11 20:19 UTC by Pekka Pietikäinen
Modified: 2007-04-18 16:56 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-10-27 13:12:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Pekka Pietikäinen 2003-08-11 20:19:46 UTC
Description of problem:

From editipsec.py:

  def on_generateAHKeyButton_clicked(self, *args):
        command = '/bin/sh'
        (status , key ) = gtkExecWithCaptureStatus(command = command,
                                                   argv = [command, '-c',
                                                           '(ps aux|md5sum;ps
alx|md5sum) | tr -cd 0-9 2>/dev/null'])

is not even close to being random enough for generating cryptographic keys.

Please use something like

dd if=/dev/random count=16 bs=1| xxd -ps 

which should generate a nice random (tm) 128-bit key in hex, which the ipsec 
code should handle if a 0x is added to the beginning.

Or even better, some native python with the same effect :-)

The CIPE config part does something similar.

Comment 1 Harald Hoyer 2003-09-01 14:10:33 UTC
yep, thx for the hint..


Note You need to log in before you can comment on or make changes to this bug.