Raspberry Pi devices running Raspbian may need to be patched to avoid a security issue that causes the device to generate weak and predictable SSH keys. Raspbian is a free operating system based on Debian and optimized for Raspberry Pi hardware. According to developer oittaa, the issue resides in the way Raspbian generates SSH keys. Patrick Hilt, CTO of MIRACL (previously known as CertiVox), explains the issue and what needs to be done.
Patrick Hilt, CTO of MIRACL:
“There are really two issues intermingled here:
The first one is that Raspbian’s boot sequence is “inopportune”. This is something that’s easily fixed but then relies on RPi users to be aware and update their systems. If they don’t, it creates a potential weak spot.
The second issue is “random number generation in Linux”, which is appropriate considering the origins of Linux. On a server or desktop computer, entropy isn’t used until later during system startup and use. By then, based on network traffic and/or user input and other hardware events, there is usually plenty of entropy to go around. In embedded systems the situation can be different especially if random numbers are accessed early in the boot process and that’s what we’re seeing here with Raspbian.
It’s imperative, especially in the IoT era, for embedded systems developers to be security conscious and design systems in such a way that random numbers are not needed until there is enough entropy and/or the Linux kernel entropy pool is seeded from a hardware random number generator if it is present in the system (which is also done in the Raspbian fix).
Lastly, there is an application component to this as well: application developers have a choice between using /dev/random and /dev/urandom and there is a reason that /dev/random blocks until there is enough entropy to create a good random number. Obviously the cost of that good random number is the possibility that execution might block until it can be had and developers have to handle that. In some cases handling that elegantly is possible and in others it might not be. In my opinion it falls to the application developer to decide which random number source is right for the security and user experience needs of their application. Although that is sometimes easier said than done, so is saying that the Linux kernel’s random number generation subsystem needs to be changed. Entropy simply has to come from somewhere.”
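The boot-ordering problem described in the quote above can be guarded against in a first-boot script that refuses to generate host keys until the kernel reports enough entropy. This is an added example, not code from the article, Raspbian or MIRACL; the function names, the 256-bit threshold and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Raspbian's actual fix): decide whether first-boot SSH
# host key generation may proceed, based on the kernel entropy estimate and
# the presence of a hardware RNG device.

ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
HWRNG_DEV="${HWRNG_DEV:-/dev/hwrng}"
MIN_BITS="${MIN_BITS:-256}"   # assumed threshold; tune for the target system

# Print the entropy estimate (bits) stored in file $1.
# An unreadable file or non-numeric content counts as 0, i.e. "not ready".
entropy_bits() {
    bits=$(cat "$1" 2>/dev/null) || bits=0
    case "$bits" in
        ''|*[!0-9]*) bits=0 ;;
    esac
    echo "$bits"
}

# Succeed when the estimate in file $1 is at least $2 bits.
entropy_ready() {
    [ "$(entropy_bits "$1")" -ge "$2" ]
}

# Args: entropy file, hardware RNG device, minimum bits.
# Prints one of:
#   generate         - enough entropy, key generation may run now
#   seed-from-hwrng  - too little entropy, but a hardware RNG can seed the pool
#   wait             - too little entropy and no hardware RNG; defer key generation
keygen_decision() {
    if entropy_ready "$1" "$3"; then
        echo generate
    elif [ -r "$2" ]; then
        echo seed-from-hwrng
    else
        echo wait
    fi
}

# Report the decision for the live system only when asked explicitly.
if [ "${1:-}" = "--run" ]; then
    echo "entropy estimate: $(entropy_bits "$ENTROPY_FILE") bits"
    echo "decision: $(keygen_decision "$ENTROPY_FILE" "$HWRNG_DEV" "$MIN_BITS")"
fi
```

A first-boot script would run key generation only on `generate`, and otherwise seed the pool or retry later.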
About MIRACL: Multiprecision Integer and Rational Arithmetic C Library – the MIRACL Crypto SDK – is a C software library that is widely regarded by developers as the gold standard open source SDK for elliptic curve cryptography (ECC).