Killing the builtin entropy code
Booker C. Bense
bbense at networking.stanford.edu
Sat Jan 5 03:25:47 EST 2002
On Sun, 30 Dec 2001, Booker C. Bense wrote:
> On Mon, 24 Dec 2001, Damien Miller wrote:
>
> > On Fri, 21 Dec 2001, Damien Miller wrote:
> >
> > > Over the holidays, I intend to finally rid portable OpenSSH of the
> > > builtin entropy collection code. Here's what I intend to do:
> >
> > Have done :)
> >
> > Hopefully someone else will step up to the plate and write or port
> > a proper Yarrow PRNG.
> >
>
> - I have made a start using the Yarrow library provided at
>
> http://opensource.zeroknowledge.com/yarrow/
>
> This was the only unix Yarrow implementation I could find,
> it seems pretty "beta" at best. It still has the problem
> of figuring out good entropy estimators. Once the code
> compiles I'll hand it out, but I'm not sure it will actually
> be any improvement.
>
- Well, I've poked around some more and come up with another
alternative. The problem is that the zkyarrow implementation is just
"yarrow", and not the gathering of entropy. It's fairly easy to adapt
the openssh entropy gatherers to this zkyarrow code, but the problem
is that yarrow appears to be somewhat of a dead end.

- The successor to Yarrow is Tiny. Its authors include one of the
Yarrow designers. Tiny is implemented by the egads software[A]. The
code is a much more complete implementation. There are a few problems
however,

1. The tiny algorithm is new and not published as anything other
   than src code, however it's mostly Yarrow with a different
   entropy gathering scheme.

2. The code requires an external daemon to gather entropy.

3. The license is GPL, but the author seems flexible on this
   issue.

- In application, the code looks much like egd. It would be
trivial to write ssh-rand-helper using the provided api.
It would be not much more work to avoid the Egads library
code and just talk to the egads daemon directly. This
would avoid license issues.

Unfortunately, this would not be useful as the "default"
rand helper, for much the same reasons that egd is not a
suitable default. If we really wanted to we could rip the
guts out of the egads daemon and insert it into ssh-rand-helper
to use it as the default. If I understand correctly, this
would require a license change for egads and a fair bit
of work. I guess what I'm really fishing for here is
requirements.

- Booker C. Bense

[A]- Available at
http://www.securesw.com/egads/Index.html