Looks like there may be some issues with entropy harvesting in MIPS Linux which forms the basis of a lot of distributions, such as OpenWRT and Gargoyle.
http://www.heise.de/security/meldung/MI ... 53097.html (In German) is a good overview.
It points to https://lists.openwrt.org/pipermail/ope ... 21318.html
Does anyone know if this has an impact on key generation for OpenVPN running on a MIPS-based Gargoyle?
Can I do anything to do better key generation on the router? Could I generate keys on a different platform (a Linux machine) and then use them on my router?
Not related directly, but the discussion on the Intel RNG instructions at https://plus.google.com/u/0/11709138045 ... Dcoemc9V3J is wonderful to read as well.
problems with the MIPS randomness and OpenVPN impact
-
- Posts: 89
- Joined: Thu Apr 22, 2010 3:24 pm
-
- Posts: 89
- Joined: Thu Apr 22, 2010 3:24 pm
Re: problems with the MIPS randomness and OpenVPN impact
http://www.mips.com/media/files/MD00565 ... -01.01.pdf includes a code snippet for reading the cycle count from a MIPS processor. Not sure whether it works on the Atheros CPUs...
Code:
unsigned mips_cycle_counter_read(void)
{
    unsigned cc;
    /* CP0 register $9 is the Count register */
    asm volatile("mfc0 %0, $9" : "=r" (cc));
    /* doubled, as in the linked document's snippet */
    return (cc << 1);
}
-
- Posts: 89
- Joined: Thu Apr 22, 2010 3:24 pm
Re: problems with the MIPS randomness and OpenVPN impact
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
This is a wonderfully written paper. Has anyone looked at either the SSH keys for Gargoyle or the OpenVPN certificates?
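Added example, not part of the thread and not the paper's own code: the paper cited above found weak RSA keys by looking for moduli that share a prime factor, and the sketch below runs that check (batch GCD with a product tree) over a set of your own keys' moduli. The key names and the moduli built from Mersenne primes are constructed sample values; real moduli would come from your own certificates or host keys.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of a product tree: leaves first, root (product of all) last."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """For each modulus N_i return gcd(N_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()                      # root: product of every modulus
    while levels:
        cur = levels.pop()
        # Push remainders down the tree: each node keeps parent mod node^2.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    # (P mod N^2) // N equals (P / N) mod N, i.e. the others' product mod N.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(named_moduli):
    """Map key name -> common factor for every modulus that shares one.

    A result equal to the modulus itself means the same key appears twice.
    """
    names = list(named_moduli)
    shared = batch_gcd([named_moduli[k] for k in names])
    return {k: g for k, g in zip(names, shared) if g != 1}

# Constructed sample data: Mersenne primes stand in for real RSA primes.
P, Q, R = 2**61 - 1, 2**89 - 1, 2**107 - 1
S, T = 2**127 - 1, 2**521 - 1
SAMPLE = {
    "router_a": P * Q,   # generated with too little entropy ...
    "router_b": P * R,   # ... so it picked the same first prime as router_a
    "laptop": S * T,     # unrelated key
}

if __name__ == "__main__":
    for name, factor in audit(SAMPLE).items():
        print(f"{name}: shares prime factor {factor}")
```

Any key this flags should be regenerated on a machine with a properly seeded random number generator.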
-
- Moderator
- Posts: 250
- Joined: Thu Jan 17, 2013 11:43 pm
Re: problems with the MIPS randomness and OpenVPN impact
Well, here's the commit. Reverse it & see what it does for you.
http://www.mail-archive.com/git-commits ... 29749.html
or use this patch:
http://lkml.indiana.edu/hypermail/linux ... 01123.html
TP-Link WDR3600 v1.1 running 1.5.10+ L10n-English (Built 20130922 - OpenWrt r38093)
TP-Link WDR4300 running 1.5.10+ i18n-English (Built 20131010 - OpenWrt r38286)
https://github.com/BashfulBladder/gargoyle-plugins/wiki