Originally posted by carewolf
Servers aren't in production when I'm setting ssh keys up, and may or may not have enough network randomness depending on how much they are used.
It's not the first time I had to kick in a raid scrub or cat /dev/md0 > /dev/null for the sake of increasing the damn rng pool and not waiting ages for the key to be generated on a device lacking hardware RNG (or where the software was not using it).
While each source could be compromised (hardware, network, clock), combining them and adding a bit of pseudo-random will produce perfectly random numbers that can only be predicted (very expensively) by someone who has compromised all of the sources of randomness.
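The source-mixing argument in the post above, as an added example that is not part of the original thread: several inputs are folded into one seed, and an observer reproduces the seed only when every input is known. HMAC-SHA256 as the mixing function, the names `mix` and `observer_can_reproduce`, and all sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample readings, one per source named in the post.
SAMPLES = {
    "hardware": bytes.fromhex("9f3c1ab07e55d2c4"),
    "network": bytes.fromhex("0412aa93f1c07b6e"),
    "clock": bytes.fromhex("5d00e1773ab2c9f8"),
}
PRNG_STATE = b"constructed-prng-state"  # the "bit of pseudo-random" in the post


def mix(sources: dict, prng_state: bytes) -> bytes:
    """Fold every source into a 32-byte seed, chaining HMAC-SHA256 over the pool."""
    pool = hashlib.sha256(b"pool-init" + prng_state).digest()
    for name in sorted(sources):  # fixed order so the result is reproducible
        sample = sources[name]
        # Length-prefix both fields so different splits cannot collide.
        msg = (len(name).to_bytes(2, "big") + name.encode()
               + len(sample).to_bytes(4, "big") + sample)
        pool = hmac.new(pool, msg, hashlib.sha256).digest()
    return pool


def observer_can_reproduce(real: dict, prng_state: bytes, known: set) -> bool:
    """Model an observer who knows only the sources in `known`.

    Unknown sources are replaced by a zero-filled guess of the same length;
    the seed matches only if nothing unknown influenced it.
    """
    guess = {n: (v if n in known else bytes(len(v))) for n, v in real.items()}
    return hmac.compare_digest(mix(guess, prng_state), mix(real, prng_state))


if __name__ == "__main__":
    for known in ({"hardware", "network", "clock"}, {"hardware", "network"},
                  {"clock"}, set()):
        ok = observer_can_reproduce(SAMPLES, PRNG_STATE, known)
        print(sorted(known), "-> seed reproduced" if ok else "-> seed differs")
```

A single unknown source protects the seed only to the extent that source is itself hard to guess, which is why the real-world concern on freshly installed machines is how much unpredictable input has actually arrived.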