NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WARNING pseudorandom rekeying



Le 06/01/2014 10:18, Emmanuel Dreyfus a écrit :
On Sun, Dec 29, 2013 at 03:05:12AM +0100, Jean-Yves Migeon wrote:
>cprng cpu0-short: WARNING pseudorandom rekeying.
>cprng 47814d1: WARNING pseudorandom rekeying.
>cprng sysctl: WARNING pseudorandom rekeying.
(...)
It means that the RNG was seeded with a (supposedly) bad state, e.g.
with not enough random bits to be deemed safe.

The nasty thing here is that if one did not check the boot log when
the key was created, there is no reminder.

Is there a way to assess existing private key quality?

I don't think it is possible; key parameters do not keep information about the state they were created in. The system is weak not because the key is invalid but rather because an attacker has fewer states to test before being successful.

--
Jean-Yves Migeon


Home | Main Index | Thread Index | Old Index