Feature #221: pki --gen and Hosts with Low Entropy - strongSwan

Feature #221

pki --gen and Hosts with Low Entropy

Added by Dmitry Korzhevin about 7 years ago. Updated about 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Martin Willi

Category:

Target version:

5.0.1

Start date:

06.09.2012

Due date:

Estimated time:

Resolution:

Description

Please, add option to choose, which random data surce use to gen key:

Now, pki --gen can use only /dev/random, but you could add option to choose /dev/urandom also.

Associated revisions

Revision 7b68cd92 (diff)
Added by Martin Willi about 7 years ago

Add strongswan.conf runtime options for /dev/[u]random files

Fixes #221.

History

#1 Updated by Martin Willi about 7 years ago

Status changed from New to Closed
Assignee set to Martin Willi

I don't think it is a good idea to get random bytes from /dev/urandom for private key generation.

But if /dev/random does not work for you, you can ./configure strongSwan --with-random-device=/dev/urandom. Or, with the referenced patch, set the strongswan.conf option libstrongswan.plugins.random.random to /dev/urandom.

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues

Feature #221

pki --gen and Hosts with Low Entropy

Associated revisions

History

#1 Updated by Martin Willi about 7 years ago