I was wondering if anyone knew if Cisco IOS (that is, the mainline IOS, not the XE or XR trains) had an internal secure random number generator similar to Unix-style /dev/urandom? If so, what, and if not, what does e.g. OpenSSL use for seed entropy in Cisco IOS?
1
- That's an interesting topic, but it should be posted at security.SE or at serverfault.com ... The programming bit is missing. – Maarten Bodewes Nov 11 '16 at 13:03
- Could someone with the privileges move this to serverfault? – Harsha J K Apr 14 '18 at 12:23
1 Answer
1
YES, Cisco IOS makes use of a PRNG (Pseudo Random Number Generator) in images where encryption features are available.
This applies at least to K8 and K9 IOS image types. Sometimes, this PRNG fails and you get error messages on the console, like this one:
"UTIL-6-RANDOM: A pseudo-random number was generated twice in succession"

Alexandre Fenyo