Entropy and DSA key

Ed Phillips ed at UDel.Edu
Tue Nov 6 03:23:51 EST 2001


Is there any way to compile openssh so that it will use prngd, but if it's
not answering, use the compiled-in prng-like routines?

Thanks,

	Ed

On Mon, 5 Nov 2001 mouring at etoh.eviladmin.org wrote:

> Date: Mon, 5 Nov 2001 09:59:30 -0600 (CST)
> From: mouring at etoh.eviladmin.org
> To: Damien Miller <djm at mindrot.org>
> Cc: Laurent Papier <papier at sdv.fr>, openssh-unix-dev at mindrot.org, ed at UDel.Edu
> Subject: Re: Entropy and DSA key
>
>
> Maybe we should have set internal entropy to --with-internal-entropy at
> the 3.0 instead of having it default. (Thus having ./configure fail
> if it does not find entropy)
>
> I think most people will ignore messages if ./configure succeeds.
>
> - Ben
>
> On Tue, 6 Nov 2001, Damien Miller wrote:
>
> > On Mon, 5 Nov 2001, Laurent Papier wrote:
> >
> > > > No, you should adjust ssh_prng_cmds to gather more entropy or pester your
> > > > OS vendor for /dev/random.
> > >
> > > We have the exact same problem here on AIX 3.x. We now use prngd and this
> > > completely solves the problem.
> >
> > Short of persuading your OS vendor to give you a /dev/random, using
> > PRNGd is the best approach. IMO the built-in entropy code should
> > really be a last resort.
> >
> > -d
> >
> > --
> > | By convention there is color,       \\ Damien Miller <djm at mindrot.org>
> > | By convention sweetness, By convention bitterness, \\ www.mindrot.org
> > | But in reality there are atoms and space - Democritus (c. 400 BCE)
> >
> >
>

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key



