On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote: > If so, what does Dropbear do? How does it get random numbers to generate > the host key?
I looked into it — Dropbear uses /dev/urandom, which *may* not be safe to use immediately after first boot. What do you think about implementing the '-R' option, described below? >From dropbear(8) [0]: "Host key files are read at startup from a standard location, by default /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and /etc/dropbear/dropbear_ecdsa_host_key or specified on the commandline with -r. These are of the form generated by dropbearkey. The -R option can be used to automatically generate keys in the default location - keys will be generated after startup when the first connection is established. This had the benefit that the system /dev/urandom random number source has a better chance of being securely seeded." [0] https://github.com/mkj/dropbear/blob/master/dropbear.8#L143
