[Bug 1098299] [NEW] entropy pool should be seeded earlier in boot process
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jan 10 19:25:47 UTC 2013
*** This bug is a security vulnerability ***

Public security bug reported:

Currently, the entropy pool is seeded by /etc/init.d/urandom. This
should be done earlier in the boot process by an upstart job, and should
be done before the ssh daemon is started.

Although the ssh keys are generated on package install, openssh uses
openssl's PRNG which is seeded on boot for ephemeral keys.

See https://factorable.net/weakkeys12.extended.pdf for more information.

** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
** Affects: sysvinit (Ubuntu)
Importance: Undecided
Status: New
** Also affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1098299
Title:
entropy pool should be seeded earlier in boot process
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1098299/+subscriptions
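
The seeding step this report wants moved ahead of the ssh daemon, sketched as an added example (not part of the bug report and not Ubuntu's own script): load the seed saved by the previous boot into the pool, then replace the seed file at once so the same bytes are never loaded twice. The function name `seed_pool`, its arguments and the 512-byte default are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration of carrying a random seed across reboots.
# seed_pool and all of its arguments are hypothetical names for this sketch.
#
# usage: seed_pool SEED_FILE POOL_DEV SRC_DEV [NBYTES]
#   SEED_FILE  seed saved by the previous boot
#   POOL_DEV   device the seed is written into (normally /dev/urandom)
#   SRC_DEV    device the replacement seed is read from
#   NBYTES     size of the replacement seed (assumed default: 512)
# Prints "yes" if a saved seed was loaded, "no" if none was available.
seed_pool() {
    seed_file=$1
    pool_dev=$2
    src_dev=$3
    nbytes=${4:-512}

    # 1. Mix the saved seed into the pool. Writing to /dev/urandom mixes the
    #    bytes in but does not credit any entropy to the kernel's estimate.
    if [ -s "$seed_file" ]; then
        cat "$seed_file" > "$pool_dev" || return 1
        loaded=yes
    else
        # First boot or missing seed: the pool has only what the kernel
        # has collected so far.
        loaded=no
    fi

    # 2. Write a fresh seed immediately, readable by the owner only, and
    #    rename it into place so a crash cannot leave a partial file.
    tmp="$seed_file.new.$$"
    ( umask 077
      dd if="$src_dev" of="$tmp" bs="$nbytes" count=1 2>/dev/null ) || {
        rm -f "$tmp"
        return 1
    }
    mv -f "$tmp" "$seed_file" || return 1

    echo "$loaded"
}

# Run directly when given arguments, for example from an early boot job.
if [ "$#" -ge 3 ]; then
    seed_pool "$@"
fi
```

A result of "no" is the case that matters for the concern raised above: any service that draws from the PRNG after such a boot does so without a carried-over seed.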