
BLU Discuss list archive



[Discuss] The RSA Keying links



Edward Ned Harvey <blu at nedharvey.com> writes:

> Clearly, sometime after installing your OS, after the OS has gained entropy,
> you should generate new server ssh keys.  (And re-generate any SSL/TLS keys
> that you may have previously created using openssl without sufficient
> entropy.)  The question is, how do you know when your server has gained some
> entropy?

    /dev/random blocks on lack of entropy.  /dev/urandom does the best
it can with whatever's available, which is to say it will make up
plausibly random looking data that may not be random.

    For state introspection, your OS will vary:
* Linux has /proc/sys/kernel/random.
* FreeBSD has a sysctl tree kern.random.
* NetBSD has an rndctl utility that will mention the state of the pool.

    Read the man page for random on your respective OS for details.
Note that the BSDs won't give you the right manual page without -a or
an explicit mention of section 4, for device driver manual pages.
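
An added example, not part of the original message: a POSIX sh gate that reads the Linux counter under /proc/sys/kernel/random before host keys are regenerated. The function names, the 256-bit threshold and the polling timeout are assumptions made for this example; the value read is the kernel's own estimate.

```shell
#!/bin/sh
# Added example: hold key generation until the kernel's entropy estimate
# reaches a threshold. Function names and defaults are assumptions.

# read_entropy [DIR] -> prints entropy_avail (bits); returns 2 if unusable.
# DIR defaults to the Linux tree named in the message above.
read_entropy() {
    dir=${1:-/proc/sys/kernel/random}
    [ -r "$dir/entropy_avail" ] || return 2
    bits=$(cat "$dir/entropy_avail") || return 2
    case $bits in
        ''|*[!0-9]*) return 2 ;;   # reject anything but a plain integer
    esac
    printf '%s\n' "$bits"
}

# entropy_ready [DIR] [MIN_BITS] -> 0 if estimate >= MIN_BITS,
# 1 if lower, 2 if the counter could not be read.
entropy_ready() {
    bits=$(read_entropy "$1") || return 2
    [ "$bits" -ge "${2:-256}" ]
}

# wait_for_entropy [DIR] [MIN_BITS] [TRIES] -> polls once per second.
# Returns 0 when ready, 1 on timeout, 2 if the counter is unreadable
# (for example on a non-Linux system, where sysctl or rndctl applies).
wait_for_entropy() {
    tries=${3:-30}
    while [ "$tries" -gt 0 ]; do
        rc=0
        entropy_ready "$1" "$2" || rc=$?
        case $rc in
            0) return 0 ;;
            2) return 2 ;;
        esac
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Typical use on a freshly installed server (run as root):
#   wait_for_entropy "" 256 60 && ssh-keygen -A
```

A return of 1 or 2 leaves the existing keys untouched, so a provisioning script can retry later instead of generating keys from a starved pool.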






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org