Entropy and DSA key

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Nov 7 03:23:36 EST 2001 

On Tue, Nov 06, 2001 at 09:54:12AM -0600, Dave Dykstra wrote:
> > This has been talked about between Damien and myself, but the more I think
> > about it.  The more I don't like the idea.  I'd rather sometime down the
> > road make a clean break of our internal entropy system (Yes, Damien, I'm
> > changing my tune.. <smile>).  If anything work to allow for a libprng.a
> > which could be compiled into OpenSSH if someone so wants internal entropy.
> > 
> > Yes (as some will argue) it adds another dependancy for those OSes without
> > /dev/random, but I think it would be best for everyone in the end.
> > 
> > Before someone jumps up and starts screaming.  I'm not proposing we
> > suddenly drop it.  The proposal is this (not set in stone mind you):
> > 
> > 3.1 - Make internal entropy --with-* option and not enabled by default.
> > Provide warnings at that screen and provide locations to PRNGd.  Warn
> > about how it will be removed in a future release.
> 
> I don't mind a configure option.
> 
> > 3.5 - ? Provide ability to link with a libprngd.a instead of compiling w/
> > our internal entropy.
> 
> No problem.  I assume libprngd.a would be part of the prngd package then,
> not the OpenSSH package, and since you wouldn't have to maintain it, it
> would make your life easier.

I am not sure about the impacts of this proposal :-)
I assume that "libprngd.a" would contains the configuration of the entropy
gathering commands and the call of the gatherer processes itself!?
At least by now the scheduling is interlinked with the code responsible
to serve the communication socket...

In a certain sense the work to do is offloaded from the OpenSSH portable team
(OpenSSH/OpenBSD has /dev/urandom) to me...
At this point I have to state that my term at the university is over and I
am looking for a new job, which is not that easy these days (provided that
for personal reasons I am somewhat bound to Berlin/Germany and that with 37
I am already a really old guy...). I therefore cannot make any promise
about the time I can spend on the PRNGd project in the future. (I do take my
security work very seriously and rather do not promise anything than promise
something I cannot hold.) And I already have quite some backlog of submissions
for PRNGd, but it seems that the nice sunny whether is over anyway :-)

> Dan Astoorian sent me a private email about a month ago saying that he had
> communicated with Lutz Janiecke, the author of PRNGD and an OpenSSL
> developer, about having a one-shot mode on PRNGD where it can collect all
> the entropy and return the random number to stdout and then exit rather
> than be long running.  That sounds like a great idea because the code would
> then not need to be duplicated in OpenSSH.   The extra fork/exec overhead
> would not be noticed compared with all the other programs PRNGD runs,
> especially if it only needs to be run the first time you run ssh as I think
> it ought.
> 
> Even better, what would make the most sense is for OpenSSL to support the
> one-shot PRNGD as well as the long running PRNGD.  Then entropy collection
> could be completely removed from OpenSSH, there'd be no need for libprngd.a,
> and everybody would be happy.  Surely other applications that use OpenSSL
> have this exact same problem, and OpenSSL already has support for PRNGD.

I don't see yet, in how far a "one shot" prngd would be different from
the internal entropy collection code. It does cause a delay until enough
entropy was gathered. Granted, it would allow for a cleaner implementation
than having the code built-in, but for understandable reasons collecting
entropy requires the effort to collect the entropy :-)
Using a seed-save file helps, but somebody could steal it, so that calling
external gatherers at the time the cryptographic routines are started up
is an important issue.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

More information about the openssh-unix-dev mailing list