New README file for cipe

Pekka Pietikainen pp at ee.oulu.fi
Sun Oct 5 07:44:36 UTC 2003


On Sat, Oct 04, 2003 at 11:00:54PM -0700, Jonathan Gardner wrote:
> 4) Finally, I created a key in /etc/cipe/options.cipcb0 on both machines. It
> reads:
> 
>     key [md5sum]
> 
> where md5sum is the result of running:
> 
>     $ ps -aux | md5sum
> 
> (note that I only included the 128 digit hexadecimal number - not the '-'
> part.)
Argh! I filed a bug about this way of generating keys in
redhat-config-securitylevel, obviously the source was CIPE docs :-)

Please recommend something like:

[root@connecting root]# dd if=/dev/random bs=1 count=16 | xxd -ps
16+0 records in
16+0 records out
9a1639e5fd8674eed2b6ab31aa62fcc1

so you don't have to worry about the amount of entropy ps aux
has. I would argue that it's less than 128 bits, especially
if you generate the key on a fresh system just after rebooting.
Too risky when talking about crypto keys in any case :-)

-- 
Pekka Pietikainen
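
The recommendation above, as an added example that is not part of the original message or of the CIPE documentation: it reads 16 bytes from the kernel RNG, rejects short reads, and replaces only the `key` line of an options file. The function names and the `RNG_DEV` variable are hypothetical, and `od` stands in for `xxd` on the assumption that it is more widely installed.

```shell
#!/bin/sh
# Added example: generate a 128-bit CIPE key from the kernel RNG instead of
# hashing process listings. gen_cipe_key, write_cipe_key and RNG_DEV are
# hypothetical names chosen for this sketch.

RNG_DEV="${RNG_DEV:-/dev/random}"   # device used in the message above

# Print 16 random bytes as 32 lowercase hex digits, or fail.
gen_cipe_key() {
    # bs=1 count=16 so a short read from the device cannot shrink the key.
    key=$(dd if="$RNG_DEV" bs=1 count=16 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    # Refuse anything that is not exactly 32 hex digits (128 bits).
    case "$key" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#key}" -eq 32 ] || return 1
    printf '%s\n' "$key"
}

# Replace the "key" line in an options file, keeping all other options.
# The result is readable by its owner only.
write_cipe_key() {
    file=$1
    key=$(gen_cipe_key) || return 1
    (
        umask 077
        tmp=$(mktemp "$file.XXXXXX") || exit 1
        if [ -f "$file" ]; then
            # Copy every existing line except an old key line.
            sed '/^[[:space:]]*key[[:space:]]/d' "$file" > "$tmp" || exit 1
        fi
        printf 'key %s\n' "$key" >> "$tmp" || exit 1
        mv "$tmp" "$file"
    )
}
```

Run `write_cipe_key /etc/cipe/options.cipcb0` on one machine, then copy the resulting key line to the peer over a channel you already trust, since both ends need the same key.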




