RFE: Portable OpenSSH

Damien Miller djm at mindrot.org
Tue Mar 27 15:48:38 EST 2001

On Mon, 26 Mar 2001, Dan Kaminsky wrote:

> Tracking down external dependancies, incidentally, has lead me to be
> somewhat annoyed at the way our RNG's work.  There's no failover, no run
> time switching, it doesn't even embed a default list of prng
> commands...something to fix.

Save your time :) The built-in PRNG will be deprected very soon, in
favour of PRNGd[1].

Entropy collection and pooling is best handled by long-running processes
(ideally the kernel) as they get many more opportunities to gather
better quality randomness over their lifetime.

Other benefits include a faster startup time for ssh, etc and the removal
of nearly 1000 lines of code from portable OpenSSH.


[1] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list