RFE: Portable OpenSSH
Dan Kaminsky
dankamin at cisco.com
Wed Mar 28 05:27:09 EST 2001
> > Yes, but not all of us have the choice - AIX, SCO, and so on need random
> > numbers. So PRNGd is fine for systems lacking /dev/*random...
>
> whoooooooa! yes yes yes, i love prngd! exactly!
>
> what i was doing here was to take the opportunity to politely nudge
> someone from a major commercial OS vendor engineering dept about
> providing vendor /dev/*random. if Sun Engineering takes the lead
> for this in the commercial market, then the other vendors will be
> further behind, and more glaringly so, and perhaps all of them will
> get going faster.
Actually, I should emphasize that I do really like prngd. It'll definitely
be easier to deploy than EGD was, will spawn the creation of more apps
dependent on good entropy sources(as opposed to "seed RC4 with present time
and PID"), and represents a quite nice userspace("systemspace"?) RNG
implementation..
I just really want to avoid OpenSSH being hard-dependent on it. If I take
SSH1 or SSH2 and throw it on a random box, it'll work. If I take OpenSSH
and throw it on the same box, and it doesn't...I'm going to have a harder
time convincing other admins, who *aren't* SSH geeks like me, that OpenSSH
is a more elegant, more compatible, more secure solution.
Things should Just Work. prngd makes good entropy "just work" on more
platforms, which is awesome. Until its universally deployed as a crutch for
/dev/random, though, I'm not really comfortable with SSH losing its "just
works" status to it.
Yours Truly,
Dan Kaminsky, CISSP
http://www.doxpara.com
More information about the openssh-unix-dev
mailing list