unable to write 'random state' -- should I be worried?

Post by douglasdd » Sun Dec 04, 2011 12:24 am

In general, lack of randomness in crypto is considered a "Very Bad Thing".
So should I be worried when I see:

```
unable to write 'random state'
```

coming out of the build-ca script?

I've seen this noted elsewhere, but can find no definitive answer.

Server is a Mac OS X 10.5.8 (PPC) Using OpenVPN 2.2.0 from MacPorts, using the "easy-rsa/2.0/" templates.

```
$ sh build-ca 
Generating a 1024 bit RSA private key
...
unable to write 'random state'
writing new private key to 'ca.key'
-----
You are about to be asked...
```

Many thanks in advance,
./ddd

Post by douglasdd » Sun Dec 04, 2011 4:25 am

I can answer 1/2 of my own question:

(1) The work-around:

```
sudo rm ~/.rnd
```

was easy to find as soon as I stopped using the keyword 'openvpn' in my searches, and instead used 'openssl' -- because `build-ca` uses `pkitool` which is just a wrapper for the `openssl` command-line tool.

...`openssl` writes and maintains that file in your home directory, and mine was owned by 'root' (so was not writable). I'm guessing that sometime in the past I'd used `sudo <some command that uses openssl>` to leave the root-owned file in my own home directory.

(2) Should I have been worried?
Still don't know the answer to that. Any SSL/crypto geeks have an answer?

Post by janjust » Mon Dec 05, 2011 8:51 am

@1:
> ...`openssl` writes and maintains that file in your home directory, and mine was owned by 'root' (so was not writable). I'm guessing that sometime in the past I'd used `sudo <some command that uses openssl>` to leave the root-owned file in my own home directory.

yup, that's the root cause...

@2:
> Should I have been worried?

Remember, just because you're paranoid doesn't mean they aren't after you :mrgreen:

on a more serious note: who has had access to your laptop? if I were a hacker who wants to steal your PKI setup then I'd do something smarter than screw up your random seed file...
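
As an added example (not part of the thread, OpenVPN or easy-rsa), a small shell check for the cause identified above: a seed file owned by a different user than the one running `build-ca`. It assumes the `openssl` command-line tool uses `$RANDFILE` if set and `~/.rnd` otherwise; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose the seed file behind "unable to write 'random state'".
# Assumption: the openssl CLI uses $RANDFILE if set, otherwise $HOME/.rnd.

# Print the path of the seed file the current user would use.
rnd_path() {
    if [ -n "${RANDFILE:-}" ]; then
        printf '%s\n' "$RANDFILE"
    else
        printf '%s\n' "${HOME:-.}/.rnd"
    fi
}

# rnd_status FILE WANT_UID
# Prints one of:
#   missing            - no file yet; openssl can create one in a writable directory
#   ok                 - file is owned by WANT_UID
#   foreign-owner:UID  - file is owned by someone else (e.g. 0 after a sudo run)
rnd_status() {
    file=$1
    want_uid=$2
    if [ ! -e "$file" ]; then
        echo "missing"
        return 0
    fi
    # 'ls -ldn' prints the numeric owner in field 3 on both macOS and Linux.
    owner=$(ls -ldn "$file" | awk '{print $3}')
    if [ "$owner" = "$want_uid" ]; then
        echo "ok"
    else
        echo "foreign-owner:$owner"
    fi
}

# Report on the real seed file and point at the fix used in the thread.
report() {
    f=$(rnd_path)
    s=$(rnd_status "$f" "$(id -u)")
    case $s in
        foreign-owner:*) echo "$f: $s -> remove it (sudo rm) so openssl can recreate it" ;;
        *)               echo "$f: $s" ;;
    esac
}

report
```

Ownership is compared rather than tested with `-w`, because a writability test always succeeds when the script itself is run as root.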
