On Thu, 24 Apr 2014, Florian Weimer wrote:

> I don't think "openssl genrsa 2048" has this issue on today's machines. (I know I saw it with GNUTLS.)

I was sceptical, so I tried this on a freshly booted VM:

root@bofh:~# virsh start north
Domain north started
root@bofh:~# ssh root@north
Last login: Wed Apr 23 11:54:46 2014
[root@north ~]# time openssl genrsa 2048
[...]
real    0m0.382s
user    0m0.267s
sys     0m0.003s

Call me very surprised! We finally have real entropy in VMs now. Good news!

> It came up in the context of clustering software where the single certificate/key pair (shared across the cluster) would be used to secure cluster membership. The cluster nodes trust each other as a result of the protocol features, so they could access their private keys anyway, even if they were separate.

Ah.. understood.

Paul
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
