RFE: Portable OpenSSH

Christopher Linn celinn at mtu.edu
Wed Mar 28 04:49:48 EST 2001


On Tue, Mar 27, 2001 at 10:25:43AM -0800, Darren Moffat wrote:
> >now i must ask, especially since we have someone from sun engineering
> >paying attention to OpenSSH (hi Darren!), just why the most beautifully
> >engineered kernel architecture (solaris) does not yet have a
> >cryptographic-grade random device?!?  the /dev/random supplied with
> 
> I can't comment officially but I'm sure you won't be disappointed in the
> future ;-)
> 
> The /dev/random that comes with the iPlanet stuff I believe is the
> cryptorandd implementation from the SUNWski package, I'm not sure of its
> quality but I have heard reports that PRNGd is better but an in kernel
> /dev/random (and /dev/urandom for that matter) is much more likely to
> give better randomness.

indeed, in-kernel entropy gathering can be made to gather entropy 
from e.g. active device drivers, using completion times etc., whereas
anything else must rely on executed userland commands and the like,
which must be horribly inefficient and lower quality entropy by
comparison.

i would hope that this might come in an LKM which would be backward-
compatible with solaris 7 & 8 (at least), with an associated set of
modified device drivers (disk, net, etc) to feed the LKM... just my
thoughts.  (sounds like a big job, eh?  ;*)

> --
> Darren J Moffat

very best regards,

chris

-- 
Christopher Linn, <celinn at mtu.edu>    | By no means shall either the CEC
Staff System Administrator            | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
    Michigan Technological University | hold to or imply to hold herein.
