Entropy collection in sshd (was Re: Entropy and DSA key)
Lutz Jaenicke
Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Nov 7 07:44:41 EST 2001
On Tue, Nov 06, 2001 at 08:57:01PM +0100, Gert Doering wrote:
> On Tue, Nov 06, 2001 at 12:48:53PM -0500, Ed Phillips wrote:
> > I'm not following you... the problem of "it takes 2 freakin minutes to get
> > logged into my SS1+" is a direct result of entropy collection performed by
> > sshd.
>
> No, it's not. I use NetBSD on a Sparc LX with /dev/random, and ssh still
> takes 2 minutes - the delay is NOT caused by the random number generation
> but by slow crypto on ancient Sparc hardware. ssh protocol 1 is much
> quicker (and also needs random).
It is hard to comment about a platform I don't know in detail, but I tend
to sit in front of a good old HP 9000/710 (1991?), 50MHz. It took me
some tries, but by tuning OpenSSL's flags I could gain a great deal
of performance. Have a look into the BN_LLONG and company flags.
Two minutes seems to be really slow to me.
Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
More information about the openssh-unix-dev mailing list