EGD requirement a show stopper for me

Damien Miller djm at mindrot.org
Wed Feb 2 19:23:49 EST 2000


On Tue, 1 Feb 2000, Dave Dykstra wrote:

> Ok, maybe I'm missing something.  If you have a good initial seed
> to your PRNG and you save it in a protected file the way ssh 1.2.27
> does, is there any problem with not using the EGD (or /dev/random
> because it's not available)?  We could take some of the code from
> the EGD (ported to C) or from some other open source package to
> get the initial seed, when we don't mind spending a little extra
> time, and from then on do things more quickly without the aid of an
> external program or driver.  Right?

A seed alone is not enough. You need to occasionally add new entropy
to the pool, otherwise your RNG is just a PRNG. OpenSSH already has a
PRNG, which it seeds from /dev/urandom or from EGD - it trusts these
to be high quality sources of random data.

It would be great if someone could resurrect some of the entropy
gathering hooks from ssh-1.2.16 and combine them with the pool
functions of a Yarrow modified to use OpenSSL's crypto routines.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
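
The pool-plus-generator structure sketched in this reply, as an added example that is not part of the original message and is neither OpenSSH's nor Yarrow's actual code: an `EntropyPool` that hashes incoming samples, and a `ReseedingPRNG` (HMAC-SHA256 in counter mode) that folds the pool into its key once a chosen entropy estimate is reached. The class names, the 128-bit reseed threshold, and the sample values are assumptions constructed for this illustration; it uses only Python's `hashlib` and `hmac`, not OpenSSL's routines. `demo()` makes the point of the reply concrete: two generators started from the same saved seed stay in lock-step (a seed only gives you a PRNG) until one of them mixes in fresh entropy and reseeds.

```python
"""Toy Yarrow-style design: an entropy pool that feeds a reseedable PRNG.

Added illustration only -- not OpenSSH's code and not a faithful Yarrow
implementation; it uses only Python's hashlib/hmac (no OpenSSL calls).
"""
import hashlib
import hmac


class EntropyPool:
    """Accumulates samples by hashing them; callers attach an entropy estimate."""

    def __init__(self) -> None:
        self._hash = hashlib.sha256()
        self.estimated_bits = 0  # sum of the callers' estimates, reset on drain

    def add(self, sample: bytes, estimated_bits: int) -> None:
        # Length-prefix each sample so distinct sample sequences never collide
        # on byte boundaries (b"ab" + b"c" vs b"a" + b"bc").
        self._hash.update(len(sample).to_bytes(4, "big"))
        self._hash.update(sample)
        self.estimated_bits += estimated_bits

    def drain(self) -> bytes:
        """Return the pool digest and start a fresh pool chained to the old one."""
        digest = self._hash.digest()
        self._hash = hashlib.sha256(digest)
        self.estimated_bits = 0
        return digest


class ReseedingPRNG:
    """HMAC-SHA256 counter-mode generator that reseeds from an EntropyPool."""

    RESEED_THRESHOLD_BITS = 128  # hypothetical policy: reseed once this much is pooled

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"initial-seed" + seed).digest()
        self.pool = EntropyPool()
        self.reseed_count = 0

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        """Mix a fresh sample into the pool; reseed when the threshold is reached."""
        self.pool.add(sample, estimated_bits)
        if self.pool.estimated_bits >= self.RESEED_THRESHOLD_BITS:
            self.reseed()

    def reseed(self) -> None:
        """Fold the pooled entropy into the generator key."""
        self.key = hashlib.sha256(self.key + self.pool.drain()).digest()
        self.reseed_count += 1

    def random_bytes(self, n: int) -> bytes:
        """Produce n bytes of output, then ratchet the key forward."""
        out = bytearray()
        counter = 0
        while len(out) < n:
            out += hmac.new(self.key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
            counter += 1
        # Ratchet so a later state compromise does not reveal earlier output.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return bytes(out[:n])


def demo() -> dict:
    """Two generators from the same saved seed stay identical until one reseeds."""
    seed = b"constructed seed read from a protected seed file"  # constructed value
    a = ReseedingPRNG(seed)
    b = ReseedingPRNG(seed)
    seed_only_identical = a.random_bytes(32) == b.random_bytes(32)

    # Constructed samples standing in for what an entropy-gathering hook would feed.
    b.add_entropy(b"constructed interrupt-timing sample", 64)  # below threshold
    still_identical = a.random_bytes(32) == b.random_bytes(32)
    b.add_entropy(b"constructed disk-latency sample", 64)  # reaches 128 -> reseed
    diverged_after_reseed = a.random_bytes(32) != b.random_bytes(32)

    return {
        "seed_only_identical": seed_only_identical,
        "still_identical_below_threshold": still_identical,
        "diverged_after_reseed": diverged_after_reseed,
        "reseeds_on_b": b.reseed_count,
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is the separation of concerns: the pool only accumulates and estimates, the generator only expands a key, and reseeding is the single point where unpredictability from the outside world enters. Until that point the generator is fully determined by the seed file, which is exactly the "just a PRNG" situation the reply warns about.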
