New README file for cipe
Pekka Pietikainen
pp at ee.oulu.fi
Sun Oct 5 07:44:36 UTC 2003
On Sat, Oct 04, 2003 at 11:00:54PM -0700, Jonathan Gardner wrote:
> 4) Finally, I created a key in /etc/cipe/options.cipcb0 on both machines. It
> reads:
>
> key [md5sum]
>
> where md5sum is the result of running:
>
> $ ps -aux | md5sum
>
> (note that I only included the 128 digit hexadecimal number - not the '-'
> part.)
Argh! I filed a bug about this way of generating keys in
redhat-config-securitylevel, obviously the source was CIPE docs :-)
Please recommend something like:
[root at connecting root]# dd if=/dev/random bs=1 count=16 | xxd -ps
16+0 records in
16+0 records out
9a1639e5fd8674eed2b6ab31aa62fcc1
so you don't have to worry about the amount entropy of ps aux
has. I would argue that it's less than 128 bits, especially
if generate the key on a fresh system just after rebooting.
Too risky when talking about crypto keys in any case :-)
--
Pekka Pietikainen
More information about the fedora-devel-list
mailing list