ssh-rand-helper

Damien Miller djm at mindrot.org
Wed Jan 23 10:10:58 EST 2002


On Wed, 2002-01-23 at 08:43, Dan Astoorian wrote:

> Now that djm has finally managed to fumigate the entropy-gathering cruft
> from entropy.c, I fear he might be reluctant to let RAND_egd() calls
> back into it.

I'd rather see some way to configure OpenSSL to fetch entropy from EGD
within the library itself. Currently it does this from /dev/urandom if
it is detected at compile time, so it isn't too great a step.

With the recent changes to portable OpenSSH, that would mean that
you would not need to configure anything if your OpenSSL installation is
set up right.

> Older releases of OpenSSL don't have RAND_egd(), which is presumably the
> reason why the code to connect to it exists in ssh-rand-helper.c.

RAND_egd doesn't support fetching from a localhost socket either, at
least not in my version of OpenSSL.

-d





More information about the openssh-unix-dev mailing list