Patch to enable multiple possible sources of entropy

Michael Stone mstone at
Mon Jun 11 12:41:14 EST 2001

On Sun, Jun 10, 2001 at 12:49:18PM -0500, mouring at wrote:
> Hmm.. my only complaints about the patch are that seed_rng and init_rng are
> pretty unreadable due to #ifdef/#end, and that I don't know if I like the
> idea of ssh/sshd stepping down in entropy quality on a whim.  Which is
> what this patch would do if for some odd reason prngd is offline at
> startup of sshd/ssh.

What if there were some kind of warning message? We've already seen the
obnoxious key-is-1023 message, what's one more? Obviously the entropy
requirement depends on the application, but there are a lot of machines
where I'm far more concerned about not getting in at all (because prngd
is busted) than I am about bad entropy in that case. It's no worse than
if prngd weren't being used at all, and might make it easier to accept

Mike Stone

More information about the openssh-unix-dev mailing list