14 DAY TRIAL // Raspberry Pi devices running on Raspbian may need to be patched to avoid a security issue that results in the device generating weak and predictable SSH keys.
Raspbian is a free operating system based on Debian optimized for Raspberry Pi hardware. According to developer oittaa, the issue resides in the way Raspbian generates SSH keys.
"As soon as the systems starts up systemd-random-seed tries to seed /dev/urandom, but /var/lib/systemd/random-seed is missing, because it hasn't been created yet," explains the developer.
"/etc/rc2.d/S01regenerate_ssh_host_keys is executed, but /dev/urandom pool doesn't have that much entropy at this point and predictable SSH host keys will be created," he continues.
This is an older Linux issue
This is a simplified explanation of what oittaa said above. In Linux, the /dev/urandom function is used to generate random numbers, alongside the /dev/random function.
Technically, /dev/random is recommended because it uses user-generated entropy to generate better random numbers. By user-generated entropy, we mean the user's mouse movements, keyboard input, or various hardware-generated activities like disk I/O events, signal interrupts, and network packet inter-arrival times.
Unfortunately, this is a blocking function, which means that it freezes the operating system from working until it has enough entropy data to generate strong random numbers.
That's why most developers use /dev/urandom instead, which generates random numbers based on a PRNG (Pseudo-Random Numbers Generator) algorithm, regardless of the user entropy data it has at its disposal.
The issue was reported and fixed
In Raspbian's case, because of an incorrect boot sequence, there is not enough data, not even in the /dev/urandom function, and if the OS is set to generate SSH host keys right at startup, it will put together predictable values that are far less secure than what it would generally be needed for SSH data.
The Raspbian and Raspberyy Pi projects have worked together to put out a fix, but the issue of cryptographically secure random numbers on Linux machines is one that will still linger around.
A better look at this overall problem can be provided by one of our previous articles on this topic, or by Bruce Potter and Sasha Wood's Black Hat Las Vegas 2015 presentation or from their research paper, "Understanding and Managing Entropy."