Has your VPS secured entropy?

For curious people: in the Linux VPS, type:
cat /sys/devices/virtual/misc/hw_random/rng_available
If not empty, VirtioRNG expose your VPS...

grep rdrand /proc/cpuinfo
RDRAND is a real hardware Digital Random Number Generator.
I hope you have it and use it (all recent CPUs passed to a VPS should be OK)

Otherwise you can use rngd or another good generator before making a key.
Install rng-tools and:

cat /dev/urandom | rngtest -c 1000
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.035; avg=4.771; max=4.657)Gibits/s
rngtest: FIPS tests speed: (min=161.640; avg=291.960; max=307.637)Mibits/s
rngtest: Program run time: 69743 microseconds

Should be 0 fail
Found on the net.
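
The checks from the post above, gathered into one script (an added example, not part of the original post). The function names are made up for this example; the sysfs and procfs paths and the rngtest summary line are the ones shown in the post, and the rdseed flag is an addition.

```sh
#!/bin/sh
# Added example. Paths are parameters so the checks can be run on saved copies.

# List the hw_random backends the kernel offers (e.g. virtio_rng.0), or "none".
hwrng_available() {
    f="${1:-/sys/devices/virtual/misc/hw_random/rng_available}"
    list=""
    if [ -r "$f" ]; then
        list=$(tr -s ' \n' ' ' < "$f" | sed 's/^ *//; s/ *$//')
    fi
    echo "${list:-none}"
}

# Report which of rdrand/rdseed appear on the first "flags" line, or "none".
cpu_rng_flags() {
    f="${1:-/proc/cpuinfo}"
    found=""
    for flag in rdrand rdseed; do
        if grep -m1 '^flags' "$f" 2>/dev/null | grep -qw "$flag"; then
            found="$found $flag"
        fi
    done
    found=${found# }
    echo "${found:-none}"
}

# Read an rngtest summary on stdin and print the "FIPS 140-2 failures" count,
# or "unknown" when that line is absent.
rngtest_failures() {
    n=$(sed -n 's/^rngtest: FIPS 140-2 failures: \([0-9][0-9]*\).*$/\1/p' | head -n 1)
    echo "${n:-unknown}"
}

entropy_report() {
    echo "hw_random backends: $(hwrng_available "${1:-}")"
    echo "cpu rng flags:      $(cpu_rng_flags "${2:-}")"
    if command -v rngtest >/dev/null 2>&1; then
        # rngtest writes its summary to stderr, hence 2>&1
        fails=$(rngtest -c 1000 < /dev/urandom 2>&1 | rngtest_failures)
    else
        fails="unknown (rngtest not installed)"
    fi
    echo "rngtest failures:   $fails"
}

entropy_report "$@"
```

A zero failure count only says the stream looks statistically uniform: /dev/urandom is the output of the kernel's CSPRNG, so it passes these tests regardless of how the pool was seeded.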

Comments

  • jsg Member, Resident Benchmarker
    edited July 2025

    @xemaps said:
    For curious people : In the Linux VPS type :
    cat /sys/devices/virtual/misc/hw_random/rng_available
    If not empty, VirtioRNG expose your VPS...

    grep rdrand /proc/cpuinfo
    RDRAND is real hardware Digital Random Number Generator.
    I hope you have it and use it (all recent CPU passed to VPS should be OK)

    And there have been indications that (at least Intel's) HW RNG should not be trusted. And certainly not on a virtual machine. I personally only (and at most) use it for one component (among others) for random seeding and maybe, again in a ratchet or mixer, for occasional reseeding.

    Btw and sorry, the whole matter of (pseudo) RNGs isn't as simple as many seem to think, plus, to make it worse, it is by far more critical for crypto than many think.

    Thanked by 1 xemaps
  • xemaps Member

    So do you use rngd, or your own server key issued at home?

  • jsg Member, Resident Benchmarker

    I never used rngd nor do I plan to use it. And, not saying that that is what I use/do, I've yet to see evidence for openssl keys created "at home" not being trustworthy if done properly (besides the fact that I do not really trust openssl per se, but there are other and better implementations available).

    Thanked by 1 xemaps
  • xemaps Member

    OK, then until a new quantum key, revert to single pass with a password of more than 12 mixed alphanumeric/special chars? :*

    EdDSA keys (ed25519-255b or ed448-448b) are my favorite actually (with >12 added pass), very fast, but just for 1 ssh.

    Thanked by 1 jsg