No python Crypto Random in EL6

Thu May 9 16:18:57 UTC 2013

On Thu, May 09, 2013 at 07:22:13AM -0400, Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 05/08/2013 06:49 PM, Orion Poplawski wrote:
> > On 05/08/2013 03:54 PM, Pádraig Brady wrote:
> >> 
> >> I added a workaround patch for that in openstack-glance: 
> >> http://pkgs.fedoraproject.org/cgit/openstack-glance.git/plain/crypto.random.patch?h=el6
> >>
> >>
> >>
> >> 
> thanks,
> >> Pádraig.
> > 
> > Thanks for that suggestion.  Here is my proposed patch for
> > python-ssh then. Comments welcome.
> > 
> > Silas -
> > 
> > I can commit this to the el6 branch if you'd like.  Or I could
> > commit to master and merge to el6 depending on how you track spec
> > files across the branches.  Or perhaps you want to take care of
> > it?
> > 
> 
> /dev/urandom is not cryptographically sound. From the manpage:
> 

(Note: I'm not sure that "not cryptographically sournd" is a valid
conclusion to draw from that man page comment.  Especially given later
recommendations in the man page.  I'll get into that further recommendation
later.)

because of this comment I went to see what python-paramiko uses for a random
source.  In looking for that I found a few interesting things:

From pypi:
"""
This library originated as a fork of the Paramiko library, and has now been
merged back into it. All fixes and features that were released or developed
under the 'ssh' name have been incorporated into Paramiko! Please switch your
dependencies to Paramiko 1.8.0 or newer.
"""

* RHEL6 has paramiko-1.7.5 but perhaps the API is similar enough for the
  package you're really after.

paramiko-1.7.5 paramiko/rng_posix.py (which is what's in rhel6):
    if device_path is None:
            device_path = "/dev/urandom"

* So python-paramiko is using /dev/urandom

python-crypto-2.6-1.fc17: /usr/lib64/python2.7/site-packages/Crypto/Random/OSRNG/posix.py

       if devname is None:
            self.name = "/dev/urandom"
        else:
            self.name = devname

        # Test that /dev/urandom is a character special device
        f = open(self.name, "rb", 0)

So python-crypto is using /dev/urandom as well (*but* python-crypto is
using it to seed a Fortuna implementation)

Reading further through the random man page I see this recommendation:
"""
If you are unsure about whether you should use /dev/random or /dev/urandom,
then probably you want to use the latter.  As a general rule, /dev/urandom
should be used for everything except long-lived GPG/SSL/SSH keys.
"""

These python libraries (paramiko and ssh) aren't commonly used to generate
the keypairs -- sshd and ssh-keygen are usually used.  However, I do see
that the libraries have generate methods in dsskey.py and rsakey.py that
say:

"""
Generate a new private [DSS/RSA] key.  This factory function
can be used to generate a new host key or authentication key.
"""
* [] are mine since the comment is pulled from both dsakey.py and rsakey.py

Finally, I was curious about other uses of /dev/urandom.  I found this in
man 3 RAND_add:

"""
OpenSSL makes sure that the PRNG state is unique for each thread. On systems
that provide "/dev/urandom", the randomness device is used to seed the PRNG
transparently.
"""

man ssh-keygen has this note:
"""
ENVIRONMENT
SSH_USE_STRONG_RNG
    The reseeding of the OpenSSL random generator is usually done from
    /dev/urandom.  If the SSH_USE_STRONG_RNG environ‐ ment variable is set
    to value other than 0 the OpenSSL random generator is reseeded from
    /dev/random
"""

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/epel-devel-list/attachments/20130509/96691abb/attachment.sig>