Question on randomization

Damien Miller djm at mindrot.org
Tue Apr 11 10:52:24 EST 2006


On Mon, 10 Apr 2006, ponraj wrote:

> Hi,
> 
> I am using OpenSSH 4.3p2. One of the fixes in this release says that random
> seed generation is not necessary for each key generation and the initial seed
> will be served for the re-exec'ed processes. As a better random seed will
> yield better random number generation, how can we achieve true randomization
> with a one-time random seed?

For systems that lack an OpenSSL that has an internally seeded RNG
(either by /dev/random or via PRNGd), we pass a random seed from
the per-connection sshd (that is fork()ed after accept()ing a new
connection) along with the sshd_config and (maybe) the ephemeral SSH
protocol 1 key.

This seed is extracted from OpenSSL's random pool on the parent and
added to OpenSSL's random pool on the child. Technically it adds zero
entropy to the child's pool, but practically it desynchronises the 
two pools to the point that it would require (at the very minimum) the
existence of an effective pre-image attack on OpenSSL's random pool
hash function (SHA1 by default).

-d
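
The seed hand-off described in the reply above, as an added sketch that is not part of the original message and is not OpenSSH or OpenSSL code. ToyPool, SEED_LEN and reexec_child are hypothetical names, the pool is a toy SHA-1 construction rather than OpenSSL's real pool, and the child is assumed to start from an empty pool.

```python
import copy
import hashlib

SEED_LEN = 48  # assumed seed length for this sketch


class ToyPool:
    """Toy SHA-1 pool (a model only, not OpenSSL's real pool code)."""

    def __init__(self):
        self.state = bytes(20)  # empty pool, as assumed for a fresh process

    def add(self, data: bytes) -> None:
        # Fold new input into the state through the hash.
        self.state = hashlib.sha1(b"add" + self.state + data).digest()

    def extract(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha1(b"out" + self.state).digest()
            # Step the state so the next block differs from this one.
            self.state = hashlib.sha1(b"step" + self.state).digest()
        return out[:n]


def reexec_child(parent: ToyPool) -> ToyPool:
    """Parent extracts a seed; the child adds it to its own empty pool."""
    seed = parent.extract(SEED_LEN)
    child = ToyPool()
    child.add(seed)
    return child


def simulate() -> dict:
    parent = ToyPool()
    parent.add(b"constructed sample entropy held by the parent")
    twin = copy.deepcopy(parent)     # an observer who already knows the parent state

    child1 = reexec_child(parent)    # first connection
    child2 = reexec_child(parent)    # second connection
    twin_child = reexec_child(twin)  # replays the first hand-off

    c1, c2 = child1.extract(32), child2.extract(32)
    return {
        "unseeded_children_collide": ToyPool().extract(32) == ToyPool().extract(32),
        "children_differ": c1 != c2,
        "child_differs_from_parent": c1 != parent.extract(32),
        "no_entropy_added": twin_child.extract(32) == c1,
    }
```

In this model the child's output is fully determined by the parent's state (no entropy added), yet the parent and child streams diverge, and recovering the parent state from a seed would mean inverting the hash.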




More information about the openssh-unix-dev mailing list