RFE: Portable OpenSSH

David Terrell dbt at meat.net
Wed Mar 28 11:24:10 EST 2001


On Tue, Mar 27, 2001 at 04:20:26PM -0800, Dan Kaminsky wrote:
> Moral of the story:  Just because this platform had /dev/random once doesn't
> mean it always will--and hopefully, just because it didn't when this binary
> was compiled doesn't mean it always won't.  Slowly but surely, modules will
> pop up for OS's that lack /dev/random.  Rather than require a code
> recompile, we can simply agree that kernel entropy will *always* be of
> higher quality than user entropy and therefore we will dynamically(or at
> least after a kill -HUP) switch to the better source.

When you're done recompiling, a kill -HUP will reload the new binary
with /dev/random support.

If you want to make the entropy source configurable at runtime, why don't
you supply the patches?

> Like I said, I *like* the concept of prngd.  I just don't accept that a
> local daemon should be required for a local client to execute successfully.
> Help it out?  Speed it up?  Increase efficiency?  Decrease redundancy(as
> long as the shared source is root)?  Sure.  But *mandate*, on penalty of
> failure?

I don't like prngd.  It's a graceful hack to work around missing kernel
features that every modern operating system should have.  The sooner
I never have to run PRNGd on any of my systems, the happier I'll be.

On the other hand, telling Damien how he should support /dev/random
vs prngd without supplying code to do what you seem to want it to
do (if you want it so bad, why haven't you already written it
yourself for your local systems) isn't reasonable.

-- 
David Terrell   | "To increase the hype, I'm gonna release a bunch
Nebcorp PM      | of BLT variants (NetBLT, FreeBLT, BLT386, etc)
dbt at meat.net    | and create artificial rivalries."
wwn.nebcorp.com |  - Brian Swetland (www.openblt.org)
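The run-time source switch Dan Kaminsky asks for in the quoted paragraph, as an added example in C that is neither OpenSSH's own entropy code nor anything posted in this thread: the device and socket paths are assumed parameters so a caller can re-probe after a reload, and the daemon request is the EGD blocking-read command (0x02 plus a count byte) that prngd speaks.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

enum { SRC_NONE = -1, SRC_KERNEL = 1, SRC_EGD = 2 };

/* Read exactly n bytes from fd: 0 on success, -1 on error or short read. */
static int read_all(int fd, unsigned char *buf, size_t n)
{
    for (size_t got = 0; got < n; ) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* EGD/prngd request: 0x02 (blocking read) + one-byte count; reply is n bytes. */
static int read_from_egd(const char *sockpath, unsigned char *buf, size_t n)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    unsigned char cmd[2] = { 0x02, (unsigned char)n };
    int fd, rc = -1;
    if (n == 0 || n > 255 || strlen(sockpath) >= sizeof(sa.sun_path))
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    strcpy(sa.sun_path, sockpath);
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        write(fd, cmd, sizeof(cmd)) == (ssize_t)sizeof(cmd))
        rc = read_all(fd, buf, n);
    close(fd);
    return rc;
}

/* Probe the kernel device on every call (no compile-time choice), so a newly
 * added /dev/random is used after a reload; fall back to the daemon only then. */
int get_entropy(const char *devpath, const char *sockpath, unsigned char *buf, size_t n)
{
    int fd = open(devpath, O_RDONLY), rc = -1;
    if (fd >= 0) {
        rc = read_all(fd, buf, n);  /* short read: treat the device as unusable */
        close(fd);
    }
    if (rc == 0)
        return SRC_KERNEL;
    return read_from_egd(sockpath, buf, n) == 0 ? SRC_EGD : SRC_NONE;
}
```

A caller that wants the kill -HUP behaviour from the thread simply re-reads its configured paths on SIGHUP and keeps calling get_entropy; the probe itself carries no cached state.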