arc4randomstir() in OpenSSH

Damien Miller djm at
Thu Mar 29 09:21:52 EST 2001

On Wed, 28 Mar 2001, Darren J Moffat wrote:

> I'm trying to understand the rational behind the arc4random() and
> arc4random_stir() functions in the OpenSSH source tree.

We are following the OpenBSD tree with as few changes as possible -
this is the approach used by them.

> On a system that has a good random number generator, say an in
> kernel /dev/random what extra functionality is this stuff providing ?

It minimises reads from /dev/random which usually contains a finite
amount of entropy. Most of the random numbers used in OpenSSH need
don't need the "information theoretic" strength of /dev/random.

> Would it be acceptable to replace the calls to arc4random() with
> reading from /dev/random and drop the arc4random_stir() all together ?

If you want to waste randomness, yes :)

Many of the calls to arc4random are fairly high volume users, e.g.
paddding which is done per-packet. These would deplete /dev/random
pretty quickly. If you used /dev/urandom (the 'endless' interface), then
you are back to doing something like arc4random only in the kernel.


| Damien Miller <djm at> \ ``E-mail attachments are the poor man's
|          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list