OpenSSL PRNG

Damien Miller djm at mindrot.org
Thu Jul 12 10:01:02 EST 2001


On Wed, 11 Jul 2001, Lutz Jaenicke wrote:

> Nobody of the OpenSSH team did speak up until now. Probably they are busy
> checking things out :-)

As I read it we are not vulnerable.

We take random bytes in 32 bytes chunks, rather than the 1 byte reads
that the advisory warns against. Apart from OpenSSL's internal use
of the PRNG (for creating keys, etc), OpenSSH mainly uses the
PRNG to seed a second RC4-based PRNG. This RC4-based PRNG implements
OpenBSD's arc4random function for systems that lack it (which is
unfortunately most other OSs).

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
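To make the design described in the message concrete, the following is an added illustration (not OpenSSH's or OpenSSL's code) of an arc4random-style secondary generator: an RC4 keystream generator that is keyed from the primary PRNG with a single 32-byte request, rather than the repeated 1-byte reads the 2001 advisory warned about. The primary PRNG is replaced by a constructed, fixed-pattern stand-in so the example runs offline and deterministically; the 256-byte discard after keying is an assumption added for illustration, not something the message describes. RC4 is obsolete as a cipher and modern arc4random implementations use ChaCha20, so the example is about the seeding structure, not a recommendation to use RC4 today.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEED_CHUNK 32   /* size of each request to the primary PRNG */

struct rc4_state {
    uint8_t s[256];
    uint8_t i, j;
};

/* RC4 key-scheduling: permute the S-box under the seed bytes. */
static void rc4_init(struct rc4_state *st, const uint8_t *key, size_t keylen)
{
    size_t k;
    uint8_t j = 0, tmp;

    for (k = 0; k < 256; k++)
        st->s[k] = (uint8_t)k;
    for (k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->s[k] + key[k % keylen]);
        tmp = st->s[k]; st->s[k] = st->s[j]; st->s[j] = tmp;
    }
    st->i = st->j = 0;
}

/* RC4 keystream: one output byte per call. */
static uint8_t rc4_byte(struct rc4_state *st)
{
    uint8_t tmp;

    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->s[st->i]);
    tmp = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = tmp;
    return st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
}

/* Constructed stand-in for the primary PRNG (OpenSSL's RAND_bytes in the
 * message). A fixed pattern keeps the example deterministic and offline;
 * a real program would call the library here. */
static int primary_prng_bytes(uint8_t *out, size_t n)
{
    size_t k;
    for (k = 0; k < n; k++)
        out[k] = (uint8_t)(0xA5 ^ (k * 7));
    return 1;
}

/* Overwrite the seed; volatile keeps the compiler from dropping the loop. */
static void wipe(uint8_t *p, size_t n)
{
    volatile uint8_t *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Re-key the secondary generator from ONE SEED_CHUNK-byte draw, never from
 * byte-at-a-time reads. The 256-byte discard is an assumed hygiene step. */
static int arc4_stir(struct rc4_state *st)
{
    uint8_t seed[SEED_CHUNK];
    int k;

    if (!primary_prng_bytes(seed, sizeof seed))
        return 0;
    rc4_init(st, seed, sizeof seed);
    wipe(seed, sizeof seed);
    for (k = 0; k < 256; k++)
        (void)rc4_byte(st);
    return 1;
}

/* Fill out[0..n) from the secondary generator. */
static void arc4_bytes(struct rc4_state *st, uint8_t *out, size_t n)
{
    while (n--)
        *out++ = rc4_byte(st);
}

/* Self-check against the published RC4 test vector: key "Key" gives the
 * keystream EB 9F 77 81 B7 34 CA 72 A7. Returns 1 on match. */
static int rc4_matches_known_vector(void)
{
    static const uint8_t expect[9] = {0xEB,0x9F,0x77,0x81,0xB7,0x34,0xCA,0x72,0xA7};
    struct rc4_state st;
    uint8_t got[9];

    rc4_init(&st, (const uint8_t *)"Key", 3);
    arc4_bytes(&st, got, sizeof got);
    return memcmp(got, expect, sizeof got) == 0;
}

/* Two generators stirred from the same (constructed) seed must agree. */
static int arc4_seeding_is_deterministic(void)
{
    struct rc4_state a, b;
    uint8_t x[16], y[16];

    if (!arc4_stir(&a) || !arc4_stir(&b))
        return 0;
    arc4_bytes(&a, x, sizeof x);
    arc4_bytes(&b, y, sizeof y);
    return memcmp(x, y, sizeof x) == 0;
}

int main(void)
{
    struct rc4_state st;
    uint8_t buf[8];
    size_t k;

    if (!rc4_matches_known_vector() || !arc4_stir(&st))
        return 1;
    arc4_bytes(&st, buf, sizeof buf);
    for (k = 0; k < sizeof buf; k++)
        printf("%02x", buf[k]);
    printf("\n");
    return 0;
}
```

The point to take from the structure is that the primary PRNG is only ever asked for a full seed chunk, and everything else is drawn from the secondary stream; with a real entropy source behind `primary_prng_bytes`, the secondary generator would also need periodic re-stirring, which this illustration omits.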
