Entropy gathering from multiple sources (redundancy)

Peter W peterw at usa.net
Wed Nov 7 08:57:10 EST 2001


On Tue, Nov 06, 2001 at 03:03:10PM -0500, Ed Phillips wrote:

> My preference is close
> to what Dan has suggested for the order of where sshd should look when
> trying to get some random bits:
> 
> 1) Try /dev/[u]random.
> 2) Try PRNGD.
> 3) Try an improved "internal entropy collection" method that doesn't
>    involving running commands for each client connection.

What I like about this suggestion is the basic notion of *redundancy*. We've 
been using the internal commands for OpenSSH in part because that's the 
default config, and in part because the idea of relying on 'prngd' or 
'egd.pl' to be up & running properly for a critical service like SSH is 
frightening (from a single point of failure to multiple points of failure). 
I'd like to be able to specify something like
 - try /dev/urandom if it exists
 - else try egd's pool
 - else fall back on prngd's pool
 - else fall back on ssh_prng_cmds

Obviously this is mainly a problem with OSes like Solaris that do not
provide kernel-based random data sources that we can rely on.

It would be nice to specify different pools (or lists of pools) for sshd vs. 
the client applications, and it would be nice for users to be able to 
specify their own pools for their clients. Reasons being
 1) I prefer that true entropy sources like /dev/random not be world-accessible
 2) Some users may be granted access to such sources (e.g. wheel group)
 3) On some system (e.g. shell accounts) users may want to use better 
    entropy sources for their clients than the system admin has specified
    (e.g. /dev/urandom instead of ssh_prng_cmds)

Thanks to all (especially those helping me off-list),

-Peter



More information about the openssh-unix-dev mailing list