[Bug 1098299] [NEW] entropy pool should be seeded earlier in boot process
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jan 10 19:25:47 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
Currently, the entropy pool is seeded by /etc/init.d/urandom. This
should be done earlier in the boot process by an upstart job, and should
be done before the ssh daemon is started.
Although the ssh keys are generated on package install, openssh uses
openssl's PRNG which is seeded on boot for ephemeral keys.
See https://factorable.net/weakkeys12.extended.pdf for more information.
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
** Affects: sysvinit (Ubuntu)
Importance: Undecided
Status: New
** Also affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sysvinit in Ubuntu.
https://bugs.launchpad.net/bugs/1098299
Title:
entropy pool should be seeded earlier in boot process
Status in “openssh” package in Ubuntu:
New
Status in “sysvinit” package in Ubuntu:
New
Bug description:
Currently, the entropy pool is seeded by /etc/init.d/urandom. This
should be done earlier in the boot process by an upstart job, and
should be done before the ssh daemon is started.
Although the ssh keys are generated on package install, openssh uses
openssl's PRNG which is seeded on boot for ephemeral keys.
See https://factorable.net/weakkeys12.extended.pdf for more
information.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1098299/+subscriptions
More information about the foundations-bugs
mailing list