Entropy and DSA key
Damien Miller
djm at mindrot.org
Wed Nov 7 11:51:45 EST 2001
On Tue, 6 Nov 2001, Ed Phillips wrote:
> > I don't buy that argument. If somebody has the ability to steal your
> > seed-save file, that means your system has already been compromised so I
> > don't see the point of trying to secure it further, certainly not at such a
> > high cost of time spent on every ssh client startup. I think the only
> > thing to worry about is an external attacker.
>
> Well put. I agree. Sometimes, in all the security "hub-bub" I think
> people fail to realize some of these simple things. For anyone who has
> slower, older systems to support (we only have approximately 100 Suns
> ranging from SS1+ to 6800), the fact that ssh takes 2 minutes instead of 5
> seconds has immense system administrative ramifications. For example, if
> you want to change the root password on every system - get ready to spend
> the whole weekend...
Crap - you can use PRNGd and not have any problem at all. That is why
it is RECOMMENDED.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
More information about the openssh-unix-dev mailing list