OpenSSL in Devices gets cracked when trying to “enhance” randomness

Hi!  The security world has been buzzing this week about two new sets of research into what we will call statistical key cracking.  The hack is one that we would not expect out of your average script kiddie, because it combines sophisticated scanning with mathematical prowess.  The overview story is the first link below.  The second and third links take you to the researchers previews.

http://arstechnica.com/business/news/2012/02/crypto-shocker-four-of-every-1000-public-keys-provide-no-security.ars?comments=1#comments-bar

http://eprint.iacr.org/2012/064.pdf

https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs

We are particularly interested in the work from Nadia Heninger and her team, given that our user base is skewed towards embedded systems.

Our takeaways from this new research are high entropy seeds are vital to proper key generation.  If a high entropy device is available use it, if not, don`t try to write your own.  Connect securely to a remote server where a high entropy seed can be relayed over the SSL/TLS connection.  And don`t stir the RNG between (p) and (q) generation.  This crack is based on a low entropy seed and the stirring between (p) and (q) generation.  wolfSSL avoids this problem in two ways, by using a high entropy seed from /dev/random and by not stirring between (p) and (q) but before each (p) instead.