Damien Miller djm at mindrot.org
Tue Oct 21 10:32:35 EST 2003

Henry Grebler wrote:
> I can't tell if I have a problem with OpenSSH, OpenSSL or with Sun's
> /dev/random (or some combination).

OpenSSL - we rely on the random pool routines there for randomness 
(unless you compile with EGD or builtin randomness support).

I don't know whether Sun saves a persistant seed for /dev/random across 
boots. They should IMO - there are so many commonalities in the boot 
process that the entropy collected there may be compromised.

You could add a "dd if=/dev/urandom of=/var/state/host.random bs=8192 
count=1" to a shutdown script and a symmetrical one to an early starup 

If Sun had followed the original design considerations for the Linux/BSD 
/dev/?random devices this wouldn't work. Manually adding randomness with 
dd would (by design) not increase the amount available from /dev/random. 
If one wanted added entropy to be debited to that available from 
/dev/random, then one had to add it using a special ioctl. The objective 
here was to make it easy to "stir" in semi-random data, without 
compromising the pools counters.


More information about the openssh-unix-dev mailing list