OpenSSL PRNG

J.S.Peatfield at damtp.cam.ac.uk J.S.Peatfield at damtp.cam.ac.uk
Thu Jul 12 03:29:50 EST 2001


Just for peace of mind, can someone who knows the openssh code better than
I do, confirm that openssh doesn't use (in any circumstances) the openssl
prng (since the code in versions prior to 0.9.6b is rather weak).

My understanding is that it doesn't (using either /dev/random, egd, prngd or
the builtin code), but I may have missed some other use of the openssl prng
elsewhere...

 -- Jon



More information about the openssh-unix-dev mailing list