seeding dev/random in 5.5
Brooks Davis
brooks at one-eyed-alien.net
Wed Aug 9 13:32:43 UTC 2006
On Wed, Aug 09, 2006 at 09:29:44AM -0400, fwaggle wrote:
> Brooks Davis wrote:
> >On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> >>--- Doug Barton <dougb at FreeBSD.org> wrote:
> [snip]
> >>* I received a private communication yesterday about this matter. But the
> >>list
> >>did not. I will cite (not litterally) a little bit out of that message:
> >>Since
> >>you do not know anything about the remotely created host-key, u cannot
> >>connect
> >>safely to the freshly installed box, because: You do not even know the
> >>signature of the new host-key, so that if u connect to the wrong box u
> >>would
> >>not even known. Workaround: You could give all hosts the same well-known
> >>host-key (via your install-image-CD) and then u could change the host-key
> >>in a
> >>remotely controlled way individually and note down the signature? Maybe my
> >>secret informer (lets call him Rasmus or RK) wants to come public... :-)
> >
> >These are valid if probably overly paranoid points. :)
> [/snip]
>
> i have a question. perhaps i'm misunderstanding something with how SSH
> works, but how would having a "standard freebsd private key" benefit
> anyone? if you wanted to impersonate a newly installed freebsd machine,
> then all you'd need is that freely-available private key. plus you'd get
> a bunch of clueless admins who had their machines installed by a
> dedicated server provider, and who'd never change their host key, which
> would effectively ruin SSH for their purposes.
>
> unless i've seriously missed the boat somewhere (it's happened before!)
> i think a better solution would still be random key generation with a
> nice little option to email the key signature somewhere that the new
> admin could pick it up. it's still fraught with impersonation danger for
> the paranoid, but imo it's a better idea than having a not-so-private
> key on install.
I interpreted the suggestion is something to be done via custom install
media. There's no chance in hell the freebsd project would install a
default key since it's such an obviously bad idea.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20060809/475871cf/attachment.pgp
More information about the freebsd-security
mailing list