ssh-rand-helper

Dave Dykstra dwd at bell-labs.com
Wed Jan 23 07:47:23 EST 2002


On Tue, Jan 22, 2002 at 02:45:08PM -0500, Dan Astoorian wrote:
> Now that ssh-rand-helper has been segregated into a separate program,
> I'd like to revisit an old question about its entropy gathering.

A related topic has had some discussion on the secureshell at securityfocus.com
recently in the thread "Question on prngd and slow OpenSSH".


> - would it be desirable to make it possible for ssh-rand-helper to fall
>   back to external commands if PRNGD cannot be reached, instead of
>   choosing one or the other at compile time?

Ben said we should use OpenSSL's interface into PRNGD (at least the socket
mode) instead and let ssh-rand-helper do running of commands.  I think that
makes sense.  I first learned about RAND_egd() from you so I know you are
familiar with it, but I finally got a chance to try it recently and I think
it's a good way to go.


> - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,
>   stirs it into OpenSSL's RAND_add(), and outputs 48 bytes of
>   pseudorandom bytes based on this entropy.  Does this present any
>   advantage over just dumping the 48 bytes of entropy received from
>   PRNGD directly? 

I don't see any.  I thought it was peculiar for ssh-rand-helper to link
with OpenSSL at all; PRNGD doesn't.


> The semantics I'm envisioning here:
> 
>     Define USE_PRNGD, USE_CMDS, or both.
> 
>     Case 1: USE_PRNGD && USE_CMDS:
>       read_seedfile()
>       fetch 96 bytes from PRNGD
>       if successful
>         output(bytes 1-48)
>         RAND_add(bytes 49-96) /* for seedfile */
>       Otherwise
>         stir_from_commands()
>         stir_from_system()
>         output(RAND_bytes(48))
> 
>       write_seedfile()
> 
>     Case 2: !USE_PRNGD && USE_CMDS:
>       read_seedfile()
>       stir_from_commands()
>       stir_from_system()
>       output(RAND_bytes(48))
>       write_seedfile()
> 
>     Case 3: USE_PRNGD && !USE_CMDS:
>       fetch 48 bytes from PRNGD
>       if successful
>         output(bytes)
> 
> Note that the seedfile is always read and written if USE_CMDS is defined
> even if the entropy comes from PRNGD, so that there's a good seedfile
> available in case PRNGD goes away.
> 
> Would a patch (or rewrite) to implement this be welcome?

I'm thinking I'll write a patch for PRNGD to have an option to be the
ssh-rand-helper.   I also want it to skip the long "stir_from_commands"
if the seedfile is valid.

- Dave Dykstra
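
The Case 1 flow quoted above, as an added example that is not from the thread or from the OpenSSH/PRNGD code: a client speaking the EGD socket protocol that RAND_egd() and PRNGD use (opcode 0x02 = blocking read of N bytes), the PRNGD-first / commands-fallback logic with the seedfile written on both paths, and a constructed stand-in daemon so it runs offline. The SHA-512 pool and the fake_prngd server are assumptions standing in for OpenSSL's RAND_add()/RAND_bytes() and for a real PRNGD.

```python
import hashlib
import os
import socket
import tempfile
import threading
EGD_BLOCKING_READ, SEED_BYTES = 0x02, 48  # EGD wire format: opcode byte, count byte; reply is exactly `count` bytes

def egd_fetch(sock_path, n):  # blocking-read n (<= 255) bytes; None if PRNGD cannot be reached
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.connect(sock_path)
            s.sendall(bytes([EGD_BLOCKING_READ, n]))
            with s.makefile("rb") as f:
                buf = f.read(n)
    except OSError:
        return None
    return buf if len(buf) == n else None  # short read means the daemon hung up: failure, not partial entropy

def rand_helper(sock_path, seedfile, stir_from_commands):
    # Case 1 from the thread. A SHA-512 pool stands in for OpenSSL's RAND_add()/RAND_bytes() (assumption).
    seed = open(seedfile, "rb").read() if os.path.exists(seedfile) else b""  # read_seedfile()
    got = egd_fetch(sock_path, 2 * SEED_BYTES)
    if got is not None:
        out, fresh, source = got[:SEED_BYTES], got[SEED_BYTES:], "prngd"  # bytes 1-48 out, 49-96 to the pool
    else:
        out, fresh, source = None, stir_from_commands(), "commands"  # the slow stir runs only when needed
    pool = hashlib.sha512(seed + fresh).digest()  # RAND_add()
    if out is None:
        out = hashlib.shake_256(pool + b"output").digest(SEED_BYTES)  # RAND_bytes(48)
    with open(seedfile, "wb") as f:  # write_seedfile() on both paths, so it is fresh if PRNGD goes away
        f.write(pool)
    return out, source

def fake_prngd(srv):  # constructed stand-in for PRNGD: answers one blocking-read request from os.urandom
    conn, _ = srv.accept()
    with conn:
        op, n = conn.recv(2)
        if op == EGD_BLOCKING_READ:
            conn.sendall(os.urandom(n))

def demo():  # the fake PRNGD answers the first call; before the second its socket is removed
    d = tempfile.mkdtemp()
    sock, seed = os.path.join(d, "entropy"), os.path.join(d, "prng_seed")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock)
    srv.listen(1)
    threading.Thread(target=fake_prngd, args=(srv,), daemon=True).start()
    first = rand_helper(sock, seed, lambda: b"constructed command output")
    os.unlink(sock)  # PRNGD "goes away"; only the seedfile written above carries over
    return first, rand_helper(sock, seed, lambda: b"constructed command output")
```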


