Problem compiling 1.2.2 on solaris

Morten Eriksen mortene at sim.no
Wed Feb 16 18:30:32 EST 2000


* Damien Miller
> The crypto in OpenSSH needs good, hard to predict random numbers. We
> prefer that such random numbers come from a range of difficult to
> guess sources such as interrupt timings, keystroke and mouse event
> times, etc.
> 
> On the other hand, libc's rand functions [...] are usually seeded
> with the current system time and/or pid, both of which are available
> to an attacker.

The microseconds part of the struct timeval filled in by the
gettimeofday() call seems like it could be a decent source of entropy
in itself to me. Would you care to explain why this is not correct? Is
it because the granularity of system clocks is not good enough, or is
there a pattern to how the value of the microseconds part will be set?

> Work is underway to port Schneier and Kelsey's Yarrow PRNG code from
> Windows to a Unix library. When this is done and audited, it will
> probably replace EGD in OpenSSH.

Ok, great. Does the functionality of this code include both a PRNG and
an entropy source for the seed?

Regards,
Morten Eriksen
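The question above can be answered empirically. The following C program is an added example (not from this thread or from OpenSSH) that samples back-to-back gettimeofday() calls and estimates how much unpredictability the microsecond field actually carries, using the frequency of the most common inter-call gap as a min-entropy estimate; function names, the 4096-sample size and the constructed kSample array are my own choices.

```c
#include <stdio.h>
#include <sys/time.h>

/* Constructed sample used only to check the helpers below. */
const long kSample[6] = {1, 1, 2, 3, 1, 4};

/* How often the most common value occurs in vals[0..n).
 * The min-entropy of the sample is log2(n / max_frequency) bits. */
size_t max_frequency(const long *vals, size_t n) {
    size_t best = 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = 0;
        for (size_t j = 0; j < n; j++)
            if (vals[j] == vals[i]) c++;
        if (c > best) best = c;
    }
    return best;
}

/* Number of distinct values; log2 of this bounds the entropy from above. */
size_t distinct_values(const long *vals, size_t n) {
    size_t d = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < i; j++)
            if (vals[j] == vals[i]) break;
        if (j == i) d++;
    }
    return d;
}

/* floor(log2(x)) without libm; x must be > 0. */
unsigned ilog2(size_t x) { unsigned b = 0; while (x >>= 1) b++; return b; }

/* Fill out[] with the microsecond gap between consecutive gettimeofday() calls.
 * Seconds are folded in so a wrap of tv_usec does not produce a negative gap. */
void sample_usec_deltas(long *out, size_t n) {
    struct timeval prev, cur;
    gettimeofday(&prev, NULL);
    for (size_t i = 0; i < n; i++) {
        gettimeofday(&cur, NULL);
        out[i] = (cur.tv_sec - prev.tv_sec) * 1000000L + (cur.tv_usec - prev.tv_usec);
        prev = cur;
    }
}

int main(void) {
    enum { N = 4096 };
    static long d[N];
    sample_usec_deltas(d, N);
    size_t best = max_frequency(d, N), dist = distinct_values(d, N);
    printf("%zu distinct gaps; the most common one covers %zu of %d samples\n", dist, best, N);
    printf("min-entropy ~%u bits per call, upper bound %u bits (19 if tv_usec were uniform)\n",
           ilog2(N / best), ilog2(dist));
    return 0;
}
```

A clock with coarse ticks or a fixed per-call increment shows up as a handful of distinct gaps and a min-entropy near zero; an observer who knows roughly when the call happened is in the same position, which is why a seed built from gettimeofday() alone should be treated as guessable rather than as 20 bits of entropy.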
