Ubuntu playing dort-of catchup on entropy seeding
Jim Cheetham
jim at gonzul.net
Wed Feb 19 01:35:27 GMT 2014
http://blog.dustinkirkland.com/2014/02/random-seeds-in-ubuntu-1404-lts-cloud.html
Commentry:
Lennart Poettering commented on a post on Blogger.
Shared publicly - 14:04
Sooo, let me get this right. Your VM has no good random seed to start
from. To deal with that you make an HTTPS request to some server on
the internet. That HTTPS connection requires a session key, which you
have to generate from your random source that, well..., is not
well-seeded at that point. Hence all the encryption of that seed is
pretty much pointless.
This sounds like an unhealthy amount of snake oil to me!
I mean, you want to fix a problem here and use a technology for that
assumes that the problem is already fixed.
And then you claim in your post that at least things are not worse
than without this scheme. But what is cryptographical infrastructure
good for if it doesn't actually add security to anything?
If anything this creates a fake sense of security, leaks information
about your private cloud to Canonical's servers (since most people
won't bother with setting up their own servers), increases the attack
surface, and so on.
All in all this appears quite ridiculous to me.
More information about the Discuss
mailing list