Entropy and DSA key
Lutz Jaenicke
Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Nov 7 07:51:35 EST 2001
On Tue, Nov 06, 2001 at 01:38:40PM -0600, mouring at etoh.eviladmin.org wrote:
> I would prefer OpenSSL handle all the entropy behind the scenes. It would
> make our life easier in the portable group. However it only removes
> around 1000 lines of code in a 55,000 line project (I'm referring to
> portable. OpenBSD's ssh tree is 45,000 lines.).
I would not expect this to happen. OpenSSL is used by a lot of security
relevant applications, many of them running with root permission.
The OpenSSL library does contact the hardcoded /dev/[u]random location
and will query some hardcoded locations for a PRNGd/EGD socket.
I don't think a library should do things beyond this level. I really
don't want a library to try and run commands (maybe with root permission)
behind my back.
Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
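As an added illustration (not code from this thread, OpenSSL or OpenSSH), the Python below shows the application-side approach the message argues for: the program checks ssl.RAND_status() itself and, only if the library's own seeding from /dev/[u]random or its hardcoded EGD paths failed, reads from a PRNGd/EGD socket the application was explicitly configured with, never by running commands. It assumes the EGD wire protocol's blocking-read command (byte 0x02 followed by a one-byte count, answered with exactly that many bytes) and uses a constructed in-process fake daemon so it runs offline.

```python
import socket
import ssl
import threading

EGD_READ_BLOCKING = 0x02  # EGD command: blocking read of n bytes, n <= 255

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        piece = sock.recv(n - len(buf))
        if not piece:
            raise ConnectionError("EGD socket closed before delivering entropy")
        buf += piece
    return buf

def egd_read(sock, nbytes):
    """Send [0x02, n] per 255-byte chunk and read n bytes back (EGD blocking read)."""
    out = bytearray()
    while len(out) < nbytes:
        want = min(255, nbytes - len(out))  # length field is a single byte
        sock.sendall(bytes([EGD_READ_BLOCKING, want]))
        out += _recv_exact(sock, want)
    return bytes(out)

def seed_openssl_from_egd(sock, nbytes=32):
    """Feed OpenSSL's PRNG from an application-chosen socket only if it is unseeded."""
    if ssl.RAND_status():
        return 0  # library already seeded itself; nothing to do
    data = egd_read(sock, nbytes)
    ssl.RAND_add(data, float(len(data)))  # credit one byte of entropy per byte read
    return len(data)

def _fake_egd_server(sock, fill=b"\xab"):
    """Constructed stand-in for an EGD daemon (offline demo only)."""
    try:
        while True:
            cmd, n = _recv_exact(sock, 2)
            if cmd != EGD_READ_BLOCKING:
                return
            sock.sendall(fill * n)
    except ConnectionError:
        return  # client hung up

def demo(nbytes=300):
    client, server = socket.socketpair()
    threading.Thread(target=_fake_egd_server, args=(server,), daemon=True).start()
    try:
        return egd_read(client, nbytes)  # exercises the multi-chunk path when nbytes > 255
    finally:
        client.close()
```

Against a real daemon, open a Unix-domain socket to the configured PRNGd/EGD path and pass it to seed_openssl_from_egd instead of the socketpair.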