EGD requirement a show stopper for me

Andre Lucas andre.lucas at
Tue Feb 1 02:03:39 EST 2000

Dave Dykstra wrote:
> I do not understand why people seem to dislike the idea of generating the
> initial random number from an entropy source and from then on saving a seed
> in a file.  That's what ssh 1.2.27 and PGP do; have they been criticized
> for that?  Sure it's a problem if somebody is able to break into your

I don't have the slightest concern about saving the PRNG state. Sorry if
it came across that way.

I do think that there's no need for the randseed to be exposed if you
don't have to, as it's part of the PRNG's state and so Its Disclosure Is
Probably A Bad Thing. Even though it is immediately stirred into the
real-time entropy pool, if it wasn't an important component of the PRNG
state there would be no point in saving it. All the Counterpane PRNG lit
suggests that state compromise attacks are truly bad, and even if Yarrow
is resistant to them I don't see the need to risk it.

> has been turned off on a machine thus tearing down all SSH sessions.  GnuPG
> is different in that respect because if somebody seized the seed file they
> may be able to guess what random key was used to encrypt data in a file.

I'm no authority of any kind on PRNG implementations or the software
you've listed. So this is just a barely educated opinion. I think it's a
good thing to save the random seed, as if you have confidence in your
PRNG it's a good random value with which to initialise the generator.
Since my understanding is that good entropy is hard to find(tm), why
waste it?


> - Dave Dykstra

More information about the openssh-unix-dev mailing list