Random Number Entropy

With this feature, /dev/random seeds OpenSSL's Deterministic Random Bit Generator (DRBG) for improved cryptography. Truly random number generation is essential for producing secure keys for encrypting and decrypting messages.

In ExtremeXOS, cryptographic functions are implemented using the OpenSSL library, which uses a DRBG to generate random numbers. In the default configuration, this DRBG is seeded with random numbers from the /dev/urandom device. However, on devices with few entropy sources, /dev/urandom can provide the same seeds to OpenSSL instances running on different devices. The result is two or more devices generating the same keys, or sometimes different RSA keys that have a common factor. It is also possible that, after a reboot, /dev/urandom provides the same seed that it provided on the last boot to OpenSSL instances running on the switch. This feature solves the problem by modifying OpenSSL so that it seeds its DRBG with random bits from the /dev/random device instead of the /dev/urandom device.
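
The two symptoms described above, identical keys and different RSA keys with a common factor, can be checked for across a fleet using only the devices' public moduli. The following is an added example, not ExtremeXOS or OpenSSL code; the function name, device labels, and toy moduli are assumptions constructed for illustration.

```python
"""Audit RSA public moduli for the two low-entropy symptoms:
identical keys, and distinct keys that share a prime factor."""
from itertools import combinations
from math import gcd


def audit_moduli(moduli):
    """moduli: dict mapping a device label to its RSA modulus n (int).

    Returns (duplicates, shared), two lists of label pairs.
    A pair is in 'duplicates' when both devices hold the same modulus,
    and in 'shared' when the moduli differ but gcd(n1, n2) > 1,
    meaning the two keys were built from a common prime.
    """
    duplicates, shared = [], []
    # Pairwise comparison is fine for a small inventory; a very large
    # fleet would use a product-tree (batch GCD) approach instead.
    for (a, na), (b, nb) in combinations(sorted(moduli.items()), 2):
        if na == nb:
            duplicates.append((a, b))
        elif gcd(na, nb) != 1:
            shared.append((a, b))
    return duplicates, shared


# Constructed sample: toy moduli built from small primes so the result
# can be checked by hand. Real input would be the 2048-bit or larger
# moduli taken from each device's certificate or SSH host key.
P1, P2, P3, P4, P5 = 101, 103, 107, 109, 113
SAMPLE_FLEET = {
    "switch-a": P1 * P2,
    "switch-b": P1 * P2,  # same seed at key generation: identical key
    "switch-c": P1 * P3,  # same first prime, generator state diverged after
    "switch-d": P4 * P5,  # independently generated key
}

if __name__ == "__main__":
    dups, shared = audit_moduli(SAMPLE_FLEET)
    for a, b in dups:
        print(f"IDENTICAL KEY: {a} and {b}; regenerate both keys")
    for a, b in shared:
        print(f"SHARED FACTOR: {a} and {b}; regenerate both keys")
```

Any device reported in either list should have its keys regenerated after its DRBG seeding has been corrected.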

Supported Platforms

Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X620, X440-G2 series switches.