Killing the builtin entropy code

Damien Miller djm at mindrot.org
Mon Dec 24 01:42:04 EST 2001


On Fri, 21 Dec 2001, Damien Miller wrote:

> Over the holidays, I intend to finally rid portable OpenSSH of the
> builtin entropy collection code. Here's what I intend to do:

Have done :)

I have just committed a patch which splits out the entropy gathering
into a seperate process "ssh-rand-helper". As a result, there are
nearly 1k fewer lines of hairy code in ssh and sshd :)

There is an example ssh-rand-helper which, suspiciously enough, looks
exactly like the old in-process entropy gatherer. At the moment it is
not very pretty (though no worse than the old code), but it is time to
stop for this evening.

Hopefully someone else will step up to the plate and write or port
a proper Yarrow PRNG.

ssh-rand-helper is invoked by a hardcoded path (in libexecdir) and
must produce a fixed (48 byte) quantity of entropy to stdout on
execution. This is subject to change.

It would be greatly appreciated if people cast a critical eye over the
new entropy.c to make sure I haven't missed anything.

The new code should "just work" after a "make install", so please try it
out (after reading it thoroughly!)

-d

-- 
| By convention there is color,       \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)




More information about the openssh-unix-dev mailing list