Killing the builtin entropy code
Booker C. Bense
bbense at networking.stanford.edu
Mon Dec 31 12:01:38 EST 2001
On Mon, 24 Dec 2001, Damien Miller wrote:
> On Fri, 21 Dec 2001, Damien Miller wrote:
>
> > Over the holidays, I intend to finally rid portable OpenSSH of the
> > builtin entropy collection code. Here's what I intend to do:
>
> Have done :)
>
> I have just committed a patch which splits out the entropy gathering
> into a seperate process "ssh-rand-helper". As a result, there are
> nearly 1k fewer lines of hairy code in ssh and sshd :)
>
> There is an example ssh-rand-helper which, suspiciously enough, looks
> exactly like the old in-process entropy gatherer. At the moment it is
> not very pretty (though no worse than the old code), but it is time to
> stop for this evening.
>
> Hopefully someone else will step up to the plate and write or port
> a proper Yarrow PRNG.
>
- I have made a start using the Yarrow library provided at
http://opensource.zeroknowledge.com/yarrow/
This was the only unix Yarrow implementation I could find,
it seems pretty "beta" at best. It still has the problem
of figuring out good entrophy estimators. Once the code
compiles I'll hand it out, but I'm not sure it will actually
be any improvement.
- Booker C. Bense
More information about the openssh-unix-dev
mailing list