Modify

Opened 20 months ago

#22584 new defect

Add entropy from browser to /dev/random

Reported by: djasa Owned by: developers
Priority: normal Milestone: Features Paradise
Component: base system Version: Trunk
Keywords: Cc:

Description

All relevant browsers do support window.crypto.getRandomValues() method for several years already that is guaranteed to generate cryptographically-strong random values. Given that most (all?) devices where OpenWRT runs are entropy-poor, there is a need for strong entropy in order to generate SSH (and possibly other) keys or to establish ECDSA connections, it would be prudent if OpenWRT augmented device's own entropy with strong entropy from user whenever they access LuCI and possibly save some of it for augmenting /dev/random on later boots as well.

If this is implemented, it would make sense to delay SSH key generation until there is enough entropy (optimally use getrandom() system call)

Attachments (0)

Change History (0)

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.