Killing the builtin entropy code

Dan Kaminsky dan at doxpara.com
Fri Dec 21 21:53:40 EST 2001


Damien--

    The end question is, "Will ssh continue to work with no external
dependencies or not?"

    If an upgrade comes out that suddenly breaks OpenSSH on all sorts of
platforms, well, people won't upgrade.  Hell, they're lazy enough to still
use some ancient kernel devoid of kernelspace entropy generation; I think
they can scrounge together the laziness to never, ever upgrade their build
of OpenSSH again :-)

    I very much do like the idea of being able to plug in external entropy
generators.  I think this is critical and important and many different kinds
of good.  However, it's pretty critical that, failing the existence of one
of these external generator applications, ssh be able to take care of
itself -- possibly through a default last-ditch entropy source of "ssh -o
OutputEntropy yes".

    We've had security issues before, and we may very well again.  If we
make it difficult to upgrade a build of OpenSSH, knowing that will prevent
the software from being upgraded in the field, we're dooming a portion of
our audience to insecurity.

    I have trouble accepting that.

--Dan





More information about the openssh-unix-dev mailing list