ssh-rand-helper

Damien Miller djm at mindrot.org
Wed Jan 23 12:44:43 EST 2002


On Tue, 22 Jan 2002, Dan Astoorian wrote:

> > I am considering that, and if you look at the recent revisions to
> > ssh-rand-helper.c you'll see that the code has been restructured to make
> > this a more simple change.
> 
> I only saw two mentions of ssh-rand-helper.c in the portable ChangeLog
> (your introduction of it on 12/22/2001 and Kevin's __progname change
> three days later), so I don't know what you mean by "recent revisions,"
> sorry.  I just saw that, as of yesterday's snapshot, about 7/8ths of
> ssh-rand-helper.c is within the USE_PRNGD #ifdef-#else-#endif.

There may be some time skew between the late Australian evenings that
I committed the changes and the early Canadian mornings that the snapshots
are built. If you use anonCVS, then you should see all the changes.

> > But I _really_ don't like the command hashing
> > business and would much rather see it go in favor of a properly
> > maintained (by someone else!) Yarrow implementation.
> 
> Unfortunately, I don't currently have that kind of time and
> cryptographic expertise to throw at the problem, or I'd offer to do
> that.
> 
> I'm not familiar with Yarrow, and don't understand how any algorithm
> could generate entropy without some genuine source of randomness to
> start from.  Isn't Yarrow just another PRNG, which still needs to be
> seeded with entropy from somewhere?

You are quite correct - Yarrow is just a system to maintain a 
cryptographic random number source. Some people have used it to build 
things like the command hashing part of ssh-rand-helper. The main
attraction is that it is purpose built and maintained by someone else.

-d




More information about the openssh-unix-dev mailing list