Print Page | Close Window

ECC Key Generation Linux

Printed From: TMS Software
Category: VCL Components
Forum Name: VCL / FMX Cryptography Pack
Forum Discription:
URL: http://www.tmssoftware.com/site/forum/forum_posts.asp?TID=13515
Printed Date: 26 Aug 2019 at 6:57am


Topic: ECC Key Generation Linux
Posted By: Schumann Michael
Subject: ECC Key Generation Linux
Date Posted: 10 Jun 2019 at 10:46am
Sorry for bugging again, I again receive the "hang" on ECC key generation in Linux 64 with Version 3.5.1.0. Would you mind having a look into this?



Replies:
Posted By: Marion Candau
Date Posted: 10 Jun 2019 at 11:23am
Hi Michael,
I will release a new version very soon to fix this bug.
Best regards,
Marion


Posted By: Schumann Michael
Date Posted: 10 Jun 2019 at 11:48am
Hello Marion,

for couriosity I tested setting nacl to naclyes and my unit tests ran completely also in linux. I would be grateful if there would be a safe fix or switch (e.g. to a less secure but reliable random source) that I could use across the versions...

Thanks!


Posted By: Marion Candau
Date Posted: 10 Jun 2019 at 11:52am
Hello Michael,
If your test ran on linux, it's because there was enough entropy for the random number generator this time, it has nothing to do with the NaCL option.
Best regards,
Marion


Posted By: Schumann Michael
Date Posted: 10 Jun 2019 at 12:35pm
Hello Marion, thanks for the explanation. Is there a way to create entropy on a linux server somehow? And what does the NaCl Option do? I did not find any explanation in the manual, I know that "salt" is a popular encryption project ;-) The switch had no influence even on those unit tests that had hard coded results.

Best regards,
Michael


Posted By: Marion Candau
Date Posted: 10 Jun 2019 at 1:05pm
Hello Michael,
The entropy is created by the activity on the server, i.e. process, HDD access, keyboards timings, IDE timings.
The NaCl option is to have keys and cryptograms interoperable with the NaCl library : https://nacl.cr.yp.to/
Best regards,
Marion


Posted By: Schumann Michael
Date Posted: 10 Jun 2019 at 1:30pm
Hello Marion,
could you imagine introducing an option to use an pseudo number generator instead of the machine entropy (surely making things a bit less secure) to make it reliable on machines that have very little activity an no GUI activity like a standby server? I would trade that for a bit of security and one would have a choice.
Is there any drawback using NaClYes?
Best regards,
Michael


Posted By: Marion Candau
Date Posted: 10 Jun 2019 at 2:03pm
Hello Michael,
In the next release (coming in the next days), I have replaced /dev/random by /dev/urandom which uses the entropy machine even if the pseudorandom number generator seed was not fully initialized with entropy since boot.
The difference between naclno and naclyes is the byte order in the generation of keys and cryptograms.
Best regards,
Marion


Posted By: Schumann Michael
Date Posted: 13 Jun 2019 at 10:57am
Hello Marion,

thanks a lot! I love this library!

Bst regards
Michael



Print Page | Close Window