[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
Avesh Agarwal
avagarwa at redhat.com
Thu Jul 9 09:26:27 EDT 2009
Paul Wouters wrote:
> On Wed, 8 Jul 2009, Greg Scott wrote:
>
>> [root at huge-fw ipsec.d]# ipsec newhostkey --random /dev/urandom
>> --configdir /etc/ipsec.d/nssdb --password ZSE45tgb --output
>> /etc/ipsec.d/hostkey.secrets
>> Generated RSA key pair using the NSS database
>
> Never use /dev/urandom for long term keys! Openswan knows when it needs
> to use /dev/random and when it is not safe to use /dev/urandom. Don't
> second guess it!
>
> Paul
Hi Paul,
NSS does not change anything in the way /dev/random or /dev/urandom is
used.
Thanks
Avesh
More information about the Users
mailing list