Entropy and DSA key
mouring at etoh.eviladmin.org
Wed Nov 7 06:44:55 EST 2001
On Tue, 6 Nov 2001, Dave Dykstra wrote:
> > Before someone jumps up and starts screaming: I'm not proposing we
> > suddenly drop it. The proposal is this (not set in stone, mind you):
> >
> > 3.1 - Make internal entropy --with-* option and not enabled by default.
> > Provide warnings at that screen and provide locations to PRNGd. Warn
> > about how it will be removed in a future release.
>
> I don't mind a configure option.
>
So can we at least agree that Internal Entropy should *NOT* be enabled
unless someone enables it via a ./configure option? At least starting in
3.1 and later?
> > 3.5 - ? Provide ability to link with a libprngd.a instead of compiling w/
> > our internal entropy.
>
> No problem. I assume libprngd.a would be part of the prngd package then,
> not the OpenSSH package, and since you wouldn't have to maintain it, it
> would make your life easier.
>
That was my initial idea yes.
> > 4.0 - ? Remove internal entropy code.
>
> Are you saying you would continue support of libprngd.a? If so, why not
> take out the internal entropy code at the same time you switch to libprngd.a
> in 3.5?
>
No. In my world view there needs to be an overlap. A few releases of
'warning' that the internal entropy code is being removed before it
actually occurs. This should be reserved for major release numbers.
- Ben