EGD requirement a show stopper for me

Andre Lucas andre.lucas at dial.pipex.com
Thu Feb 3 03:24:30 EST 2000


Dave Dykstra wrote:
> 
8< 
> OK, but could one figure out the internal state of the PRNG without having
> access to the seed file?  I'm not worried about compromise of the seed file.
> I would think that if somebody could figure out what numbers were being
> generated by the PRNG they could predict what it might do in the future, but
> as far as I know there's no way for someone to do that without having already
> broken into the legitimate client or server.
> 
> I don't get why SSH 1.2.27 can do without /dev/random and EGD and yet
> there have been no CERT advisories saying that that part of SSH is insecure.
>
That's not the way I would look at things. The absence of a compromise
doesn't mean none exist. (I'm sure that's not what you meant either.) I
don't accept that what ssh-1 is prepared to live with is necessarily the
right way for us to go.

Your point is taken. I don't think most people who use SSH use it to
protect against people already logged in. Though I still think the
setuid() argument stands, there are other problems with running
standalone. A daemon sitting in the background has (potentially at
least) a much larger entropy pool to work with, and that should give a
more random result.

8<
> It's not enough to just port EGD to C, it needs to be integrated with
> openssh and very preferably not be a separate process.  There's nothing
> inherently wrong with that, is there (ignoring for the moment the amount
> of work it would take)?

I don't agree that it *has* to be directly linked in. That would make it
easier to deploy, which is a win, and if that's the prime goal then
fine. I suspect that, all things being equal, everyone would like to use
/dev/random (a special case of a standalone entropy gathering program)
over builtin functions with designed-in limitations. Since we have to
implement something (or just stick with EGD; probably not acceptable for
long) we should at least consider all the options.

Disregarding the amount of work, I think it would be better to have it
separate. What goes into OpenSSH is Damien's call, though, and since
it's a lot of work for someone either way it might be good to see what
that decision turns out to be in this case.

Ta,
-Andre





More information about the openssh-unix-dev mailing list