Tuesday 1 December 2015

Raspberry Pi generates predictable SSH keys

The ultra-cheap Raspberry Pi computers have a security flaw which results in the devices generating a weak and predictable SSH key, new research suggests. The researchers say the computer’s operating system, Raspbian, should be patched to avoid the flaw. "As soon as the systems start up systemd-random-seed tries to seed /dev/urandom, but /var/lib/systemd/random-seed is missing, because it hasn’t been created yet", explains the developer oittaa. "/etc/rc2.d/S01regenerate_ssh_host_keys is executed, but /dev/urandom pool doesn’t have that much entropy at this point and predictable SSH host keys will be created", he continues. According to the report, there are two ways developers can create… [Continue Reading]

Read the full article here by BetaNews

No comments: