Killing the builtin entropy code

Damien Miller djm at mindrot.org
Fri Dec 21 12:10:18 EST 2001


Over the holidays, I intend to finally rid portable OpenSSH of the
builtin entropy collection code. Here's what I intend to do:

When init_rng is called, we'll check OpenSSL's RAND_status(). If this
indicates that their PRNG is already seeded, we'll do nothing. This
effectively detects platforms which have /dev/urandom (or similar)
configured into OpenSSL.

If OpenSSL isn't seeded, we will fork+suid(user)+exec a subprocess
"ssh-rand-helper" which will return 64 bytes of randomness to stdout.
This will be used to seed OpenSSL's PRNG. 512 bits should be enough
for anyone :)

ssh-rand-helper may be a program which fetches randomness from PRNGd,
it could be a Yarrow implementation or it could be an adaptation of the
current entropy code to run in a one-shot mode. I'll certainly implement 
a PRNGd ssh-rand-helper, if time permits I'll do one of the others.

This takes all the responsibility out of OpenSSH for collecting random
numbers and allows sites to implement whatever fallbacks they require
using wrappers around ssh-rand-helper (which could be shell scripts).

Comments?

-d

-- 
| By convention there is color,       \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
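The fallback path described in the message (fork, drop privileges, exec ssh-rand-helper, take exactly 64 bytes from its stdout), as an added C example that is not Damien's code or OpenSSH's. The function name, the argv form and the run_as uid are assumptions; the surrounding RAND_status()/RAND_add() calls are left to the caller so the block builds without OpenSSL.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define RAND_HELPER_BYTES 64	/* 512 bits, as proposed in the message */
/*
 * Exec argv (argv[0] = helper path) as uid run_as, read exactly 64 bytes from
 * its stdout and require exit status 0.  Returns 0 (buf filled) or -1 (buf
 * zeroed).  Run only after RAND_status() says unseeded; then RAND_add(buf).
 */
int
collect_from_helper(char *const argv[], uid_t run_as,
    unsigned char buf[RAND_HELPER_BYTES])
{
	int fds[2], status;
	pid_t pid; size_t got = 0; ssize_t n;
	if (pipe(fds) == -1)
		return -1;
	if ((pid = fork()) == -1) {
		close(fds[0]); close(fds[1]);
		return -1;
	}
	if (pid == 0) {
		/* Child: stdout -> pipe, drop to run_as, exec the helper. */
		close(fds[0]);
		if (dup2(fds[1], STDOUT_FILENO) == -1 || setuid(run_as) == -1)
			_exit(127);
		close(fds[1]);
		execv(argv[0], argv);
		_exit(127);
	}
	close(fds[1]);
	/* Parent: a short read or a non-zero exit means no usable seed. */
	while (got < RAND_HELPER_BYTES) {
		n = read(fds[0], buf + got, RAND_HELPER_BYTES - got);
		if (n == -1 && errno == EINTR) continue;
		if (n <= 0) break;
		got += (size_t)n;
	}
	close(fds[0]);
	if (waitpid(pid, &status, 0) == -1 || got != RAND_HELPER_BYTES ||
	    !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
		memset(buf, 0, RAND_HELPER_BYTES);
		return -1;
	}
	return 0;
}
```

A site wrapper that cannot produce 64 bytes should exit non-zero rather than pad, since the parent treats anything but 64 bytes plus exit 0 as a failed seed.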
