/etc/urandom and Solaris

Paul Allen paul.l.allen at boeing.com
Wed Mar 29 16:20:17 EST 2000

Carl Brewer wrote:
> > Carl Brewer wrote:
> > >
> > > Sun *does* have a /dev/random, and it works with OpenSSH
> > >
> > > It's not bundled, it's part of the package SUNWski.
> > >
> > > You can find SUNWski on Sunsolve if you go scanning through the
> > > patch reports.
> >
> > Hmmm...  There are both international and domestic versions of the
> > Sun Web Server patch that contains SUNWski.  One can only download
> > the international version with no crypto.  Will the international
> > version have a functioning /dev/random, or will I have to get the
> > folks at 1-800-USA4SUN to send me a tape?
> I don't know the story wrt the versions, but the one that I have
> I got from SunSolve by searchign for /dev/random in the patch
> reports, and finding SUNWski, and then downloading the patch,
> pulling out the package and applying it.  It works on Solaris 2.6, 7
> and 8ea (personal experience).

OK, it's just like Carl says.  Download patch 105710-01 (this is the
SPARC version) from SunSolve.  If you have a SunSolve account, you
know how to do this.  Unpack the patch and do something like:

	pkgadd -d 105710-01

Have it install the SUNWski package.  Among other things, this gives
you /etc/init.d/cryptorand and /etc/init.d/skiserv.  You probably want
to disable the skiserv script, but the cryptorand script is the one
that creates a fifo called /dev/random with a daemon connected to it.
Reading from /dev/random after saying "/etc/init.d/cryptorand start"
gets apparently random data.

Does anybody know how to tell if this is "good" random data?  I know
less than nothing about cryptography and am not sure how to judge
this versus egd.pl.

Paul Allen
Paul L. Allen           | voice: (425) 865-3297  fax: (425) 865-2964
Unix Technical Support  | paul.l.allen at boeing.com
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207

More information about the openssh-unix-dev mailing list