Project

General

Profile

Feature #221

pki --gen and Hosts with Low Entropy

Added by Dmitry Korzhevin about 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
06.09.2012
Due date:
Estimated time:
Resolution:

Description

Please, add option to choose, which random data surce use to gen key:

Now, pki --gen can use only /dev/random, but you could add option to choose /dev/urandom also.

Associated revisions

Revision 7b68cd92 (diff)
Added by Martin Willi about 7 years ago

Add strongswan.conf runtime options for /dev/[u]random files

Fixes #221.

History

#1 Updated by Martin Willi about 7 years ago

  • Status changed from New to Closed
  • Assignee set to Martin Willi

I don't think it is a good idea to get random bytes from /dev/urandom for private key generation.

But if /dev/random does not work for you, you can ./configure strongSwan --with-random-device=/dev/urandom. Or, with the referenced patch, set the strongswan.conf option libstrongswan.plugins.random.random to /dev/urandom.

Also available in: Atom PDF