RFE: Portable OpenSSH
Damien Miller
djm at mindrot.org
Tue Mar 27 15:48:38 EST 2001
On Mon, 26 Mar 2001, Dan Kaminsky wrote:
> Tracking down external dependencies, incidentally, has led me to be
> somewhat annoyed at the way our RNGs work. There's no failover, no run
> time switching, it doesn't even embed a default list of prng
> commands...something to fix.

Save your time :) The built-in PRNG will be deprecated very soon, in
favour of PRNGd[1].

Entropy collection and pooling is best handled by long-running processes
(ideally the kernel) as they get many more opportunities to gather
better quality randomness over their lifetime.

Other benefits include a faster startup time for ssh, etc. and the removal
of nearly 1000 lines of code from portable OpenSSH.

-d

[1] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer