the "evil" of EGD (was Re: RFE: Portable OpenSSH)
Dan Kaminsky
dankamin at cisco.com
Thu Mar 29 08:57:42 EST 2001
> I hope this doesn't sound stupid, but I don't understand why everyone
> is so down on EGD. I've been using it (on AIX) since we put in
> OpenSSH, and I haven't had any problems with it.
>
> Am I just not smart enough to understand why it is so bad? (Of
> course, I understand the much preferable inclusion of a real source
> of entropy by the vendor, but why is egd so bad compared to the other
> add on entropy sources?)
Take a look at the few other client apps that require client daemons to
accompany them in the background:

1) GNOME
2) Sun CC (requires FlexLM, apparently)

Everything else is self-contained--even when there's crypto. This includes
TrueSSH (damnit, I'm just going to start calling it this), Netscape-SSL, etc.

That being said, prngd is a really slick way to do what it does, and it
speeds things up significantly. It's fast, lightweight, and well done.
I just object to it being mandatory.
--Dan