Opened 5 years ago

Closed 4 years ago

Last modified 4 years ago

#13711 closed defect (not_a_bug)

RFE: Use entropy from initial configuration in LuCi for SSH key generation

Reported by: jasa.david@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Description

Embedded devices are likely to have weak sources of entropy. This means that key generation is slow and resulting keys might be weak.

OTOH when OpenWRT is getting its first configuration, a quite good entropy source can be tapped - user interaction with LuCi web interface. Each JS event should reveal the time it happened in its .timeStamp property - combine it with some seed (some number from server - openwrt - and from JS random number generator should do) and you should get a fairly good pool of entropy in quite a short time.

Nice example could be here albeit they don't collect scroll events.

Change History (5)

comment:1 Changed 5 years ago by anonymous

> OTOH when OpenWRT is getting its first configuration, quite good entropy source can be tapped - user interaction with LuCi web interface.

Except that when Openwrt gets the initial config at the first boot, there is no interaction with Luci, yet. The boot process happens without user interaction.

Later, when the keys have already been generated, the user can contact the router with Luci. It might be possible to generate new keys using that user interaction at that point, but it has nothing to do with the initial config.

comment:2 follow-up: Changed 4 years ago by Iosif Peterfi <iosif.peterfi@…>

Haveged is available in OpenWRT.

https://dev.openwrt.org/browser/packages/utils/haveged

What is left to do is integrate it with the dropbear startup script as in:

  • make sure haveged starts before dropbear by editing havege.init
  • make sure dropbear will sleep for like 10 seconds in order to have enough entropy in the keygen procedure by editing dropbear.init

This should give enough entropy for dropbear keygen.

Let me know if you guys are interested in a patch.

comment:3 in reply to: ↑ 2 Changed 4 years ago by jasa.david@…

Hm, openwrt trac doesn't notify unregistered users so quite a late reply:

Replying to anonymous:

> > OTOH when OpenWRT is getting its first configuration, quite good entropy source can be tapped - user interaction with LuCi web interface.
>
> Except that when Openwrt gets the initial config at the first boot, there is no interaction with Luci, yet. The boot process happens without user interaction.
>
> Later, when the keys have already been generated, the user can contact the router with Luci. It might be possible to generate new keys using that user interaction at that point, but it has nothing to do with the initial config.

OK, so there are essentially two options:
1) delay dropbear key generation till we're fairly certain that there is enough entropy available (but IMO it would need research by people with good knowledge of cryptography _and_ low level linux/OpenWRT stuff to give real security and not just a false sense of security)
2) regenerate keys at first user interaction

Replying to Iosif Peterfi <iosif.peterfi@…>:

> Haveged is available in OpenWRT.
>
> https://dev.openwrt.org/browser/packages/utils/haveged
>
> What is left to do is integrate it with the dropbear startup script as in:
>
>   • make sure haveged starts before dropbear by editing havege.init
>   • make sure dropbear will sleep for like 10 seconds in order to have enough entropy in the keygen procedure by editing dropbear.init
>
> This should give enough entropy for dropbear keygen.
>
> Let me know if you guys are interested in a patch.

Haveged seems to be tailored specifically for RHEL/CentOS-supported architectures; both arm and mips (which are the basis of most openwrt devices IIUC) are in generic/other. My quick scan of the haveged homepage didn't yield any info about tests on those archs, so my question from the top of the post resurfaces: does a 10s run of haveged suffice to get enough entropy for 2048b-long keypair generation on architectures where OpenWRT is deployed?
Lack of cryptanalytic papers focused on haveged (apart from the ones describing original Havege idea) doesn't help in this respect either.

Of course, Haveged seems especially nice for automated deployments with no other entropy source - if it indeed works OK.
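
Option 1 from the comment above (hold key generation until the kernel reports enough entropy, rather than sleeping a fixed 10 seconds), as an added example; it is not OpenWrt's or dropbear's init code. The function names, the `ENTROPY_FILE` override and the thresholds passed in are assumptions; `/proc/sys/kernel/random/entropy_avail` is the kernel's own estimate in bits.

```shell
#!/bin/sh
# Added example (not from the ticket): gate host-key generation on the
# kernel's entropy estimate instead of a fixed sleep.

# Real procfs path; overridable so the gate can be exercised offline.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# wait_for_entropy MIN_BITS TIMEOUT_SECONDS
# Returns 0 as soon as the estimate reaches MIN_BITS.
# Returns 1 on timeout, or if the estimate is unreadable or not a number.
wait_for_entropy() {
    min_bits="$1"
    timeout="$2"
    waited=0
    while :; do
        avail="$(cat "$ENTROPY_FILE" 2>/dev/null)" || return 1
        case "$avail" in
            ''|*[!0-9]*) return 1 ;;   # fail closed on garbage
        esac
        [ "$avail" -ge "$min_bits" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# keygen_when_ready MIN_BITS TIMEOUT_SECONDS COMMAND [ARGS...]
# Runs COMMAND only if the gate passes; otherwise refuses and returns 1,
# so the caller can retry later instead of shipping a weak key.
keygen_when_ready() {
    min_bits="$1"; timeout="$2"; shift 2
    if wait_for_entropy "$min_bits" "$timeout"; then
        "$@"
    else
        echo "entropy estimate below ${min_bits} bits after ${timeout}s; key not generated" >&2
        return 1
    fi
}

# Hypothetical use from an init script (threshold, timeout and key path
# are placeholders, not values from the ticket):
#   keygen_when_ready 256 60 dropbearkey -t rsa -s 2048 -f <host-key-path>
```

The counter only reflects how much the kernel has credited to its pool; it says nothing about the quality of the source that fed it, which is the concern raised about haveged on arm and mips.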

comment:4 Changed 4 years ago by nbd

  • Resolution set to not_a_bug
  • Status changed from new to closed

I think using some LuCI timestamps would only yield very low-quality entropy, which is close to being useless. On devices with Atheros wifi, we now get raw ADC samples from the radio as entropy. On other devices we will implement similar measures.

comment:5 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
