[Discuss] The RSA Keying links

Daniel Hagerty hag at linnaean.org
Thu Feb 16 11:21:22 EST 2012


Edward Ned Harvey <blu at nedharvey.com> writes:

> Clearly, sometime after installing your OS, after the OS has gained entropy,
> you should generate new server ssh keys.  (And re-generate any SSL/TLS keys
> that you may have previously created using openssl without sufficient
> entropy.)  The question is, how do you know when your server has gained some
> entropy?

    /dev/random blocks on lack of entropy.  /dev/urandom does the best
it can with whatever's available, which is to say it will make up
plausibly random looking data that may not be random.

    For state introspection, your OS will vary:
* Linux has /proc/sys/kernel/random.
* FreeBSD has a sysctl tree kern.random.
* NetBSD has an rndctl utility that will mention the state of the pool.

    Read the man page for random on your respective OS for details.
Note that the BSDs won't give you the right manual page without -a or
an explicit mention of section 4, for device driver manual pages.

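The check the thread is asking for, as an added example that is not part of the original post: a POSIX shell script that reads the Linux pool state from /proc/sys/kernel/random (the directory is a parameter so the logic can be exercised against a copy), waits until the entropy estimate reaches a threshold before you run ssh-keygen or openssl, and otherwise prints whatever the running OS offers using the introspection points the reply names. The 256-bit threshold, the 300 second timeout and the script name entropy-check.sh are assumptions chosen for illustration; the pool size reported in poolsize, and the meaning of entropy_avail, vary between kernel versions, so read random(4) for your system before trusting a particular number.

```shell
#!/bin/sh
# Added example, not from the original post: decide whether the kernel's
# entropy pool has gathered enough before generating long-lived keys.
#
# Linux exposes the pool state as files under /proc/sys/kernel/random.
# RANDOM_DIR defaults to that path; it is a parameter so the functions can
# be pointed at a constructed copy for testing.

RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"

# entropy_avail DIR: print the kernel's entropy estimate (bits) from
# DIR/entropy_avail. Returns 2 if the file is unreadable (non-Linux, or /proc
# restricted), so callers can tell "no data" apart from "too little".
entropy_avail() {
    dir="${1:-$RANDOM_DIR}"
    [ -r "$dir/entropy_avail" ] || return 2
    cat "$dir/entropy_avail"
}

# entropy_ok DIR THRESHOLD: succeed when entropy_avail >= THRESHOLD bits.
# THRESHOLD defaults to 256 (assumption: comfortably above the seed size a
# CSPRNG needs; DIR/poolsize shows the pool's capacity on this kernel).
entropy_ok() {
    dir="${1:-$RANDOM_DIR}"
    threshold="${2:-256}"
    avail=$(entropy_avail "$dir") || return 2
    pool=$(cat "$dir/poolsize" 2>/dev/null || echo '?')
    printf 'entropy_avail=%s poolsize=%s threshold=%s\n' "$avail" "$pool" "$threshold"
    [ "$avail" -ge "$threshold" ]
}

# wait_for_entropy DIR THRESHOLD TIMEOUT: poll once per second until the
# pool reaches THRESHOLD or TIMEOUT seconds pass. Returns 1 on timeout and
# 2 if the pool state cannot be read at all.
wait_for_entropy() {
    dir="${1:-$RANDOM_DIR}"
    threshold="${2:-256}"
    timeout="${3:-300}"
    entropy_avail "$dir" >/dev/null || return 2
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if entropy_ok "$dir" "$threshold" >/dev/null; then
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# show_pool_state: dump whatever the running OS offers, following the
# pointers in the reply above (Linux procfs, FreeBSD sysctl tree, NetBSD rndctl).
show_pool_state() {
    case "$(uname -s)" in
        Linux)   grep -H . "$RANDOM_DIR/entropy_avail" "$RANDOM_DIR/poolsize" ;;
        FreeBSD) sysctl kern.random ;;
        NetBSD)  rndctl -s ;;
        *)       echo "no known pool introspection for $(uname -s); see random(4)" >&2
                 return 2 ;;
    esac
}

# Usage: sh entropy-check.sh check && ssh-keygen -A
# Only the "check" argument runs the live check, so the functions above can
# also be sourced by other scripts.
if [ "$1" = "check" ]; then
    show_pool_state
    if wait_for_entropy "$RANDOM_DIR" 256 300; then
        echo "entropy pool OK; safe to generate host keys"
    else
        echo "entropy pool still low or unreadable; do not generate keys yet" >&2
        exit 1
    fi
fi
```

Run it early in a first-boot or image-provisioning script and regenerate the SSH host keys (and any TLS keys made during install) only when it exits 0; on a headless VM with no hardware RNG it may sit in the wait loop until the timeout, which is exactly the signal that the box needs a seed source (virtio-rng, haveged, or a saved seed file) rather than keys generated anyway.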