ssh-rand-helper
Damien Miller
djm at mindrot.org
Wed Jan 23 10:10:58 EST 2002
On Wed, 2002-01-23 at 08:43, Dan Astoorian wrote:
> Now that djm has finally managed to fumigate the entropy-gathering cruft
> from entropy.c, I fear he might be reluctant to let RAND_egd() calls
> back into it.
I'd rather see some way to configure OpenSSL do fetch entropy from EGD
within the library itself. Currently it does this from /dev/urandom if
it is detected at compile time, so it isn't too great a step.
With the recent changes to portable OpenSSH, that would make mean that
you would not need to configure anything if your OpenSSL installation is
set up right.
> Older releases of OpenSSL don't have RAND_egd(), which is presumably the
> reason why the code to connect to it exists in ssh-rand-helper.c.
RAND_egd doesn't support fetching from a localhost socket either, at
least not in my version of OpenSSL.
-d
More information about the openssh-unix-dev
mailing list