Entropy and DSA key
Dave Dykstra
dwd at bell-labs.com
Wed Nov 7 05:21:02 EST 2001
On Tue, Nov 06, 2001 at 01:08:43PM -0500, Dan Astoorian wrote:
...
> - entropy-client: if PRNGD isn't running, runs the same programs
> PRNGD would to get its entropy (albeit less efficiently), mixes in
> and perturbs the same seed file.
>
> Note that "entropy-client" would have to be a privileged program, since
> the seed file is sensitive. Managing the seed file is important: you
> don't want to have a situation where the method you fall back to does
> not have good entropy because that method is seldom used, and this is
> why I think PRNGD and the one-shot command should be working together.

I was with you until that point. It's essential for me that the seed file
be able to be kept per user because I have no way of installing a
privileged program on most of the computers in my distribution. This is the
way ssh 1.2.27 did it.

- Dave Dykstra
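
Added example, not part of the original message and not code from OpenSSH, PRNGD or ssh 1.2.27: a sketch of the unprivileged, per-user variant discussed above, where the seed file is only accepted if it is a regular file owned by the caller with no group/other access, and fresh entropy is mixed in before the file is atomically replaced. The function names, the SHA-512 mixing step and the seed path are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


class UnsafeSeedFile(Exception):
    """The seed file could be read or replaced by another account."""


def load_seed(path):
    """Return the stored seed, or b"" when the user has no seed file yet."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # never follow a symlink
    except FileNotFoundError:
        return b""
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())  # check the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeSeedFile("not a regular file")
        if st.st_uid != os.getuid():
            raise UnsafeSeedFile("owned by another user")
        if st.st_mode & 0o077:
            raise UnsafeSeedFile("readable or writable by group/other")
        return f.read()


def mix(old_seed, fresh):
    """Perturb the old seed with fresh entropy (SHA-512 is an assumed choice)."""
    h = hashlib.sha512()
    h.update(len(old_seed).to_bytes(4, "big") + old_seed)  # unambiguous framing
    h.update(fresh)
    return h.digest()


def update_seed(path, fresh):
    """Mix fresh entropy into the per-user seed file and replace it atomically."""
    new_seed = mix(load_seed(path), fresh)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created 0600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(new_seed)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # a reader sees the old seed or the new one
    except BaseException:
        os.unlink(tmp)
        raise
    return new_seed
```

The `fresh` argument stands for whatever the entropy-gathering commands produced; collecting it is outside this sketch.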