On Wed, Sep 27, 2017 at 07:57:43PM +0800, Harald Welte wrote:
> For TMSI allocation, my "cryptographic gut feeling"[tm] is that something like rand() or any other pseudo-random generator of significantly large period is sufficient *if* it is seeded by a non-predictable value. So something like seeding with getrandom() result should be fine?
Also matches my gut feeling there. Might also make sense to periodically re-seed from /dev/urandom / getrandom(), like every 100 TMSIs, or based on a timeout might be easier to implement.
> For long-term stable key (Ki/Op) generation for provisioning SIM cards + populating a HLR, I would certainly opt for using stronger randomness sources. However, I don't think we actually implement that anywhere, do we?
What does openssh use for public/private keypair generation?
> What do you guys think? Is there somebody on this list more cryptographically qualified to give us proper guidance? If you know somebody skilled who might want to help but is not on this list, would you invite them to join this discussion?
I don't count myself as one of them; help is still appreciated.
~N
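The allocation scheme sketched in the thread (a plain PRNG seeded from getrandom(), re-seeded every 100 TMSIs) as a small self-contained C example. This is added illustration code, not Osmocom's TMSI allocator and not code from any poster. Assumptions: splitmix64 stands in for "rand() or any other PRNG of large period" so the state lives in a struct instead of libc's global; the reseed interval of 100 is the number floated in the thread; /dev/urandom is used as a fallback where getrandom() is not available; the all-ones TMSI is skipped because 3GPP TS 23.003 reserves it to mean "no valid TMSI". The seed-source function pointer exists so a test can observe reseeding; the uniqueness check against TMSIs already assigned in the VLR is left to the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#ifdef __linux__
#include <sys/random.h>
#endif

/* Reseed from the kernel every this many allocations ("every 100 TMSIs"
 * from the thread; the exact number is an assumption of this example). */
#define TMSI_RESEED_EVERY 100

/* 3GPP TS 23.003: a TMSI with all 32 bits set means "no valid TMSI",
 * so an allocator must never hand it out. */
#define TMSI_INVALID 0xFFFFFFFFu

/* Seed source: fills *out with 64 bits of kernel randomness.
 * Returns 0 on success, -1 on failure. */
typedef int (*tmsi_seed_fn)(uint64_t *out);

struct tmsi_alloc {
	uint64_t state;        /* PRNG state, only ever set from seed_fn */
	unsigned since_reseed; /* allocations since the last reseed */
	unsigned reseeds;      /* total reseeds, for tests and logging */
	tmsi_seed_fn seed_fn;
};

/* Default seed source: getrandom() where available, /dev/urandom otherwise. */
int tmsi_seed_from_kernel(uint64_t *out)
{
#ifdef __linux__
	if (getrandom(out, sizeof(*out), 0) == (ssize_t)sizeof(*out))
		return 0;
#endif
	FILE *f = fopen("/dev/urandom", "rb");
	if (!f)
		return -1;
	size_t n = fread(out, sizeof(*out), 1, f);
	fclose(f);
	return n == 1 ? 0 : -1;
}

/* splitmix64: 64-bit state, period 2^64, trivially seedable. Not a CSPRNG;
 * as in the thread, the unpredictability comes from the kernel seed. */
static uint64_t splitmix64(uint64_t *state)
{
	uint64_t z = (*state += 0x9E3779B97F4A7C15ull);
	z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
	z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
	return z ^ (z >> 31);
}

static int tmsi_alloc_reseed(struct tmsi_alloc *a)
{
	if (a->seed_fn(&a->state) < 0)
		return -1;
	a->since_reseed = 0;
	a->reseeds++;
	return 0;
}

/* Initialise with the given seed source (NULL = kernel). Returns -1 if the
 * seed source fails; the caller must not allocate TMSIs in that case. */
int tmsi_alloc_init(struct tmsi_alloc *a, tmsi_seed_fn seed_fn)
{
	a->state = 0;
	a->since_reseed = 0;
	a->reseeds = 0;
	a->seed_fn = seed_fn ? seed_fn : tmsi_seed_from_kernel;
	return tmsi_alloc_reseed(a);
}

/* Return a fresh 32-bit TMSI, reseeding every TMSI_RESEED_EVERY calls.
 * Returns TMSI_INVALID only if reseeding fails. The caller still has to
 * reject values currently assigned to other subscribers in the VLR. */
uint32_t tmsi_alloc_next(struct tmsi_alloc *a)
{
	if (a->since_reseed >= TMSI_RESEED_EVERY && tmsi_alloc_reseed(a) < 0)
		return TMSI_INVALID;
	a->since_reseed++;
	uint32_t tmsi;
	do {
		tmsi = (uint32_t)(splitmix64(&a->state) >> 32); /* upper 32 bits */
	} while (tmsi == TMSI_INVALID);
	return tmsi;
}

int main(void)
{
	struct tmsi_alloc a;
	if (tmsi_alloc_init(&a, NULL) < 0) {
		fprintf(stderr, "no kernel randomness available\n");
		return 1;
	}
	for (int i = 0; i < 5; i++)
		printf("TMSI 0x%08x\n", tmsi_alloc_next(&a));
	return 0;
}
```

Failing closed when the seed source is unavailable matters more than the choice of generator: a PRNG started from a fixed or time-based seed is exactly the case the thread warns against, and an allocator that silently falls back to it would look healthy while producing guessable identities.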