Patch to enable multiple possible sources of entropy

Michael Stone mstone at cs.loyola.edu
Mon Jun 11 12:41:14 EST 2001


On Sun, Jun 10, 2001 at 12:49:18PM -0500, mouring at etoh.eviladmin.org wrote:
> Hmm.. my only complaints about the patch are that seed_rng and init_rng are
> pretty unreadable due to #ifdef/#end, and that I don't know if I like the
> idea of ssh/sshd stepping down in entropy quality on a whim.  Which is
> what this patch would do if for some odd reason prngd is offline at
> startup of sshd/ssh.

What if there were some kind of warning message? We've already seen the
obnoxious key-is-1023 message, what's one more? Obviously the entropy
requirement depends on the application, but there are a lot of machines
where I'm far more concerned about not getting in at all (because prngd
is busted) than I am about bad entropy in that case. It's no worse than
if prngd weren't being used at all, and might make it easier to accept
prngd.

-- 
Mike Stone
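The behaviour being argued over above, as an added example that is not part of the patch under discussion or of OpenSSH itself: an ordered list of entropy sources is tried in turn, a warning is logged whenever a lower-preference source had to be used, and a strict flag reproduces the "refuse to step down" policy instead. The FakePrngd class, the /dev/urandom reader and the socket path are all constructed for this example; FakePrngd only speaks the EGD "blocking read" command (0x02 followed by a byte count) so that the prngd branch can be exercised offline, and its output comes from os.urandom, so it is a stand-in for prngd, not a substitute for it.

```python
"""Seeding from an ordered list of entropy sources, with a warning on fallback.

Constructed example: not OpenSSH's seed_rng/init_rng, just the policy choice
the thread discusses (warn and fall through vs. refuse to step down).
"""
import logging
import os
import socket
import tempfile
import threading

log = logging.getLogger("seed_rng")


class NoEntropyError(RuntimeError):
    """Raised when no acceptable entropy source could supply the seed."""


def read_egd(path, nbytes, timeout=2.0):
    """Fetch exactly nbytes from an EGD/prngd-compatible unix socket.

    Uses the EGD 'blocking read' command: 0x02 followed by the byte count
    (1..255); the daemon answers with exactly that many bytes.
    """
    if not 1 <= nbytes <= 255:
        raise ValueError("EGD read size must be 1..255")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(bytes([0x02, nbytes]))
        buf = b""
        while len(buf) < nbytes:
            chunk = s.recv(nbytes - len(buf))
            if not chunk:
                raise OSError("entropy daemon closed the connection early")
            buf += chunk
    return buf


def read_dev_urandom(nbytes):
    """Kernel pool reader; the usual fallback on hosts that have one."""
    with open("/dev/urandom", "rb") as f:
        return f.read(nbytes)


def seed_rng(nbytes, sources, strict=False):
    """Return (source_name, seed_bytes) from the first usable source.

    sources: ordered list of (name, callable(nbytes) -> bytes), best first.
    strict=False: fall through to the next source and log a warning that the
                  preferred one was unavailable (the "warn" proposal above).
    strict=True:  only the first source is acceptable; any failure is fatal
                  (no stepping down in entropy quality "on a whim").
    """
    errors = []
    for idx, (name, fn) in enumerate(sources):
        try:
            data = fn(nbytes)
        except (OSError, ValueError) as exc:
            errors.append(f"{name}: {exc}")
            if strict:
                break
            continue
        if len(data) != nbytes:
            errors.append(f"{name}: short read ({len(data)}/{nbytes} bytes)")
            if strict:
                break
            continue
        if idx > 0:
            log.warning("preferred entropy source unavailable (%s); seeded "
                        "from %s instead", "; ".join(errors), name)
        return name, data
    raise NoEntropyError("no usable entropy source: " + "; ".join(errors))


class FakePrngd:
    """Minimal in-process stand-in for prngd, used only by this example.

    Answers EGD command 0x02 on a unix socket with os.urandom() bytes.
    """

    def __init__(self):
        self.dir = tempfile.mkdtemp()
        self.path = os.path.join(self.dir, "entropy")  # constructed socket path
        self.srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.srv.bind(self.path)
        self.srv.listen(1)
        self.srv.settimeout(0.2)  # lets the accept loop notice stop()
        self.stop = threading.Event()
        self.thread = threading.Thread(target=self._loop, daemon=True)
        self.thread.start()

    def _loop(self):
        while not self.stop.is_set():
            try:
                conn, _ = self.srv.accept()
            except socket.timeout:
                continue
            with conn:
                req = conn.recv(2)
                if len(req) == 2 and req[0] == 0x02:
                    conn.sendall(os.urandom(req[1]))

    def close(self):
        self.stop.set()
        self.thread.join()
        self.srv.close()
        os.unlink(self.path)
        os.rmdir(self.dir)
```

With prngd reachable the seed comes from it and nothing is logged; with the socket missing and strict=False the /dev/urandom branch is taken and a warning names the failed source, which is the audit trail an admin needs to notice that prngd is down; with strict=True the same outage raises NoEntropyError, matching the stricter policy.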
