Entropy and DSA key

Damien Miller djm at mindrot.org
Sat Nov 3 09:46:51 EST 2001


On Fri, 2 Nov 2001, Ed Phillips wrote:

> I remember a discussion to the effect that using DSA keys in sshd
> increases the requirement for random bits available on the system... and
> that this requirement (was it a 128 bit random number per connection?)
> presents security problems on systems that don't have a decent source of
> entropy?  Am I misinterpreting those discussions?
>
> We are having a problem deploying sshd (no prngd) where sshd refuses to
> start because it says there's not enough available entropy.  Would
> disabling DSA in sshd prevent the system from becoming "entropy starved"?

No, you should adjust ssh_prng_cmds to gather more entropy or pester your
OS vendor for /dev/random.

> If I'm missing the point of the latest discussions, someone please correct
> me.... what was the real meaning of those discussions about using DSA keys
> in sshd?

Read WARNING.RNG

-d

-- 
| By convention there is color,       \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)



