These random numbers are later used in cryptographic tools

Aug 23, 2015 12:39 GMT  ·  By

A study carried out by two security researchers revealed that the internal functions used by Linux systems to produce random numbers, which are later utilized to encrypt data, are much weaker than previously thought.

The authors of this study are Bruce Potter and Sasha Moore, who presented their findings at the recent Black Hat USA 2015 security conference in Las Vegas.

As they highlight in their paper, "nearly every crypto system relies heavily on access to high quality random numbers."

This is a Linux-only issue

In Linux and other UNIX-like operating systems, these random numbers are produced from a set of sources. These sources can be the user's mouse movements, keyboard input, or various hardware-generated activity like disk IO events, signal interrupts and network packet inter-arrival times.

This data is fed to the kernel, which allows applications to pull from it whenever they need it, either via the /dev/random or the /dev/urandom files.

The difference between these two files is that /dev/random "provides random data that is nearly 100% entropy" but also "will block until the OS generates more entropy," while /dev/urandom "will hand out data from its PRNG (Pseudo-Random Number Generator) regardless of the amount of entropy in the entropy pool."

This means that random numbers with lower entropy end up being handed to services that, in order to avoid blocking, read from /dev/urandom instead of the safer /dev/random file.

OpenSSL doesn't always use strong random numbers when generating encryption keys

The problem lies with which applications use /dev/urandom.

"One of the largest consumers of random numbers is OpenSSL. [...] OpenSSL pulls data from /dev/urandom only," say the researchers.

OpenSSL is used by other software like OpenSSH, OpenVPN or Apache, which is typically installed on Web servers. Web servers usually don't see much of the activity that feeds the entropy pool on a regular basis.

If the natural entropy sources run dry at any given moment, the random numbers generated at that time could be easier to guess, resulting in weaker encryption keys that are susceptible to brute force attacks.
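Whether a quiet server is actually in the state described above can be checked from the kernel's own entropy accounting: how full the pool is, and whether a blocking /dev/random read would stall right now. The script below is an added example, not code from the article or the researchers' paper; it assumes a Linux host with procfs, and the 256-bit watermark is an arbitrary threshold chosen for illustration rather than a kernel constant.

```python
import os

# Standard Linux procfs entries exposing the kernel's entropy accounting.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
POOL_SIZE = "/proc/sys/kernel/random/poolsize"
# Below this many bits, treat services seeding from the pool as at risk.
# (Assumed threshold for this example, not a kernel constant.)
LOW_WATERMARK_BITS = 256


def classify_pool(avail_bits, pool_bits):
    """Return 'low', 'partial' or 'healthy' for the current pool fill level."""
    if avail_bits < LOW_WATERMARK_BITS:
        return "low"
    if avail_bits < pool_bits // 2:
        return "partial"
    return "healthy"


def read_pool_state(avail_path=ENTROPY_AVAIL, size_path=POOL_SIZE):
    """Read the kernel's view of the pool; returns None where procfs is absent."""
    try:
        with open(avail_path) as f:
            avail = int(f.read().strip())
        with open(size_path) as f:
            size = int(f.read().strip())
    except (OSError, ValueError):
        return None
    return {"avail_bits": avail, "pool_bits": size, "state": classify_pool(avail, size)}


def probe_dev_random(nbytes=32):
    """Ask /dev/random for nbytes without blocking.

    'dry' means the kernel refused (EAGAIN): a blocking reader would stall here,
    the very situation that pushes services toward /dev/urandom. Kernels from
    5.6 on stop blocking once the pool is initialized, so 'ready' alone does
    not prove the pool is well fed; combine it with read_pool_state().
    """
    try:
        fd = os.open("/dev/random", os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return "unavailable"
    try:
        return "ready" if os.read(fd, nbytes) else "dry"
    except BlockingIOError:
        return "dry"
    finally:
        os.close(fd)


if __name__ == "__main__":
    print("pool:", read_pool_state() or "procfs not available on this system")
    print("/dev/random non-blocking probe:", probe_dev_random())
```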

You can check out Bruce Potter and Sasha Wood's Black Hat presentation here, or read their research paper.