problems with the MIPS randomness and OpenVPN impact

Posted: Thu Sep 12, 2013 8:31 am
by throughwalls
Looks like there may be some issues with entropy harvesting in MIPS Linux which forms the basis of a lot of distributions, such as OpenWRT and Gargoyle.

http://www.heise.de/security/meldung/MI ... 53097.html (In German) is a good overview.
It points to https://lists.openwrt.org/pipermail/ope ... 21318.html

Does anyone know if this has an impact on key generation for OpenVPN running on a MIPS-based Gargoyle?

Can I do anything to do better key generation on the router? Could I generate keys on a different platform (a Linux machine) and then use them on my router?


Not related directly, but the discussion on the Intel RNG instructions at https://plus.google.com/u/0/11709138045 ... Dcoemc9V3J is wonderful to read as well.

Re: problems with the MIPS randomness and OpenVPN impact

Posted: Thu Sep 12, 2013 8:41 am
by throughwalls
http://www.mips.com/media/files/MD00565 ... -01.01.pdf includes a code snippet for reading the cycle count from a MIPS processor. Not sure whether it works on the Atheros CPUs...

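Code:

/* Read the CP0 Count register (coprocessor 0, register $9). */
unsigned mips_cycle_counter_read(void)
{
    unsigned cc;
    asm volatile("mfc0 %0, $9" : "=r" (cc));
    /* Doubled to approximate CPU cycles: assumes Count ticks every other cycle. */
    return (cc << 1);
}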

Re: problems with the MIPS randomness and OpenVPN impact

Posted: Wed Sep 18, 2013 6:32 pm
by throughwalls
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
This is a wonderfully written paper. Has anyone looked at either the SSH keys for Gargoyle or the OpenVPN certificates?
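
An added example, not part of the original post: one way to audit your own routers' RSA keys for the two symptoms that paper looks for, identical moduli and moduli sharing a prime factor. The function names and the toy moduli are constructed for illustration; real moduli can be read with `openssl x509 -noout -modulus -in cert.pem`, and the pairwise loop only suits a small fleet.

```python
from itertools import combinations
from math import gcd


def parse_openssl_modulus(line):
    """Parse one 'Modulus=<HEX>' line as printed by `openssl ... -modulus`."""
    label, _, hexdigits = line.strip().partition("=")
    if label != "Modulus" or not hexdigits:
        raise ValueError("not an openssl modulus line: %r" % line)
    return int(hexdigits, 16)


def audit_moduli(moduli):
    """moduli: dict of device name -> RSA modulus (int).

    Returns (duplicates, shared): pairs of devices with the same modulus,
    and pairs whose different moduli have a common factor. Either finding
    means the keys were generated with too little entropy and must be
    regenerated on a host with a properly seeded RNG.
    """
    duplicates, shared = [], []
    for (name_a, n_a), (name_b, n_b) in combinations(sorted(moduli.items()), 2):
        if n_a == n_b:
            duplicates.append((name_a, name_b))
        elif gcd(n_a, n_b) > 1:
            shared.append((name_a, name_b))
    return duplicates, shared


# Constructed sample data: toy moduli built from tiny primes, not real keys.
SAMPLE = {
    "router-a": 101 * 103,
    "router-b": 101 * 107,                            # shares 101 with router-a
    "router-c": parse_openssl_modulus("Modulus=28A3"),  # 0x28A3 == 101 * 103
    "router-d": 109 * 113,                            # unrelated key
}

if __name__ == "__main__":
    dup, shr = audit_moduli(SAMPLE)
    print("identical moduli:", dup)
    print("shared factor:   ", shr)
```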

Re: problems with the MIPS randomness and OpenVPN impact

Posted: Wed Sep 18, 2013 7:34 pm
by BashfulBladder
Well, here's the commit. Reverse it & see what it does for you.

http://www.mail-archive.com/git-commits ... 29749.html

or use this patch:
http://lkml.indiana.edu/hypermail/linux ... 01123.html