New feature: remote entropy gatherer port

Alex Muntada alexm+openssh at ac.upc.es
Thu Oct 4 00:07:00 EST 2001


The purpose of my patch was to avoid installing prngd/egd
locally in every host from our environment (we run many
different OSes lacking a random device). Since the main servers
are protected through our firewall, having an internal entropy
host didn't seem so bad (crashes and DoSes aside).

I agree that the best solution is that the OS itself provides
such a random device and having a local PRNG daemon can help when
the random device is weak or missing. The entropy host approach is
dangerous by means of security, even if running from a local
firewalled network.

Thanks for your feedback.

--
Alex Muntada <alexm at ac.upc.es>
http://people.ac.upc.es/alexm/
