/dev/random
Damien Miller
djm at mindrot.org
Tue Oct 21 10:32:35 EST 2003
Henry Grebler wrote:
> I can't tell if I have a problem with OpenSSH, OpenSSL or with Sun's
> /dev/random (or some combination).
OpenSSL - we rely on the random pool routines there for randomness
(unless you compile with EGD or builtin randomness support).
I don't know whether Sun saves a persistant seed for /dev/random across
boots. They should IMO - there are so many commonalities in the boot
process that the entropy collected there may be compromised.
You could add a "dd if=/dev/urandom of=/var/state/host.random bs=8192
count=1" to a shutdown script and a symmetrical one to an early starup
script.
If Sun had followed the original design considerations for the Linux/BSD
/dev/?random devices this wouldn't work. Manually adding randomness with
dd would (by design) not increase the amount available from /dev/random.
If one wanted added entropy to be debited to that available from
/dev/random, then one had to add it using a special ioctl. The objective
here was to make it easy to "stir" in semi-random data, without
compromising the pools counters.
-d
More information about the openssh-unix-dev
mailing list