Subject: Re: libssh2_session_handshake remains stuck

From: Peter Stuge <peter_at_stuge.se>
Date: Wed, 23 Jun 2021 17:57:19 +0000

Hi Simone,

Simone Azzalin wrote:
> After looking at /dev/random, I noticed that it's not being updated as
> fast as /dev/urandom...

Please consider why that is so.

> So I just thought to force libgcrypt to use /dev/urandom.

Is /dev/urandom suitable for cryptography?

> I recompiled all in a moment and it seems it works fine !

In fact /dev/urandom is *not at all* suitable for cryptography.

A weak entropy source results in guessable encryption keys. This
happened in debian: https://www.debian.org/security/2008/dsa-1571

Forcing a shared cryptographic library to use a weak entropy source
not only compromises that one file transfer but in fact compromises
the security of all software on the system using the same library,
for the entire lifetime of the product. Don't do that.

I'll repeat what I wrote before, please take it seriously although you
don't have to pay for it:

> >> If you neglect this issue and choose not to implement any solution to
> >> the lack of entropy problem then your /dev/random becomes predictable
> >> across boots, rendering any asymmetric encryption on the system useless;
> >> allowing MITM attacks and perhaps even worse extraction of the SSH
> >> authentication credentials.

To summarize:

* Your embedded system lacks a hardware entropy source.

* /dev/random blocks when the crypto library needs entropy for the
  SSH session key exchange if insufficient entropy is available.

* I described one possible workaround for this problem; saving
  randomness across boot. If you choose this solution please consider
  what you will do in manufacturing. You do *NOT* want to ship all
  devices with the same initial seed.

* /dev/urandom is unsuitable for cryptography and forcing cryptographic
  libraries to use it destroys security in your entire system.

You have to solve the lack of entropy problem properly if you want
an actually secure system.

If you don't care about security then you could use FTP for the file
transfer on boot.

Kind regards

//Peter
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2021-06-23
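An added example, not code from this thread nor from libssh2 or libgcrypt, of the "save randomness across boots" workaround Peter describes: a boot-time loader for an embedded Linux target that credits a saved seed to the kernel input pool with RNDADDENTROPY, refuses a seed that looks erased or factory-cloned, and immediately overwrites the file so a crash cannot replay it. The 512-byte seed size, the diversity threshold and the seed-file location are assumptions.

```c
#include <string.h>
#include <stdint.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/random.h>

#define SEED_LEN 512   /* hypothetical seed size in bytes */

/* Heuristic check on a saved seed: rejects erased-flash patterns (all 0x00
 * or all 0xFF) and low byte diversity, the look of a never-written or
 * factory-cloned seed. 512 random bytes hold ~220 distinct values; the
 * threshold of 128 is a conservative, hypothetical choice. */
int seed_looks_usable(const uint8_t *buf, size_t n)
{
    unsigned seen[256] = {0}, distinct = 0;
    for (size_t i = 0; i < n; i++)
        if (!seen[buf[i]]++) distinct++;
    return distinct >= 128;
}

/* Read (wr=0) or write (wr=1) exactly SEED_LEN bytes; 0 on success. */
static int io_seed(const char *path, int flags, uint8_t *buf, int wr)
{
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;
    ssize_t n = wr ? write(fd, buf, SEED_LEN) : read(fd, buf, SEED_LEN);
    close(fd);
    return n == SEED_LEN ? 0 : -1;
}

/* Credit the saved seed to the kernel input pool (RNDADDENTROPY, needs
 * CAP_SYS_ADMIN) so /dev/random stops blocking, then overwrite the file with
 * fresh /dev/urandom output so a crash never replays the same seed. Do the
 * same overwrite at shutdown. The factory's first seed must come from the
 * station's RNG, not the entropy-starved device, so no two units share it.
 * Returns 0 on success, -1 on I/O error, -2 if the seed was refused. */
int load_and_rotate_seed(const char *path)
{
    uint8_t buf[SEED_LEN];
    uint32_t raw[2 + SEED_LEN / 4];   /* aligned storage for the ioctl arg */
    struct rand_pool_info *rpi = (struct rand_pool_info *)raw;
    int rc = -1, rfd;
    if (io_seed(path, O_RDONLY, buf, 0) != 0) return -1;
    if (!seed_looks_usable(buf, SEED_LEN)) return -2;
    rpi->entropy_count = SEED_LEN * 8 / 2; rpi->buf_size = SEED_LEN; /* credit half */
    memcpy(rpi->buf, buf, SEED_LEN);
    if ((rfd = open("/dev/random", O_RDWR)) >= 0 &&
        ioctl(rfd, RNDADDENTROPY, rpi) == 0 &&
        io_seed("/dev/urandom", O_RDONLY, buf, 0) == 0)
        rc = io_seed(path, O_WRONLY | O_CREAT | O_TRUNC, buf, 1);
    if (rfd >= 0) close(rfd);
    memset(raw, 0, sizeof raw); memset(buf, 0, sizeof buf);
    return rc;
}
```

Call `load_and_rotate_seed("/var/lib/random-seed")` (a hypothetical path on persistent storage) as root early in boot, before libssh2 opens the session, and run the same overwrite from the shutdown path.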