Entropy and DSA key
Damien Miller
djm at mindrot.org
Sat Nov 3 09:46:51 EST 2001
On Fri, 2 Nov 2001, Ed Phillips wrote:
> I remember a discussion to the effect that using DSA keys in sshd
> increases the requirement for random bits available on the system... and
> that this requirement (was it a 128 bit random number per connection?)
> presents security problems on systems that don't have a decent source of
> entropy? Am I misinterpreting those discussions?
>
> We are having a problem deploying sshd (no prngd) where sshd refuses to
> start because it says there's not enough available entropy. Would
> disabling DSA in sshd prevent the system from becoming "entropy starved"?
No, you should adjust ssh_prng_cmds to gather more entropy or pester your
OS vendor for /dev/random.
> If I'm missing the point of the latest discussions, someone please correct
> me.... what was the real meaning of those discussions about using DSA keys
> in sshd?
Read WARNING.RNG
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)