Regarding the optional OpenSSL integration for the portable version

Brent Cook busterb at gmail.com
Mon May 5 12:48:15 EST 2014


On May 4, 2014, at 3:56 PM, Ángel González <keisial at gmail.com> wrote:

> On 02/05/14 21:40, William Ahern wrote:
>> Linux
>> also has an obscure sysctl which pulls directly from the internal CSPRNG. So
>> all of these will work in a jail without /dev or /proc.
> 
> That's cool, but as stated on Linux sysctl(2):
>> NOTES
>>       Glibc does not provide a wrapper for this system call; call it using syscall(2). Or rather... don't call it: use of
>>       this system call has long been discouraged, and it is so unloved that it is likely to disappear in a future kernel
>>       version. Since Linux 2.6.24, uses of this system call result in warnings in the kernel log. Remove it from your
>>       programs now; use the /proc/sys interface instead.
>> 
>>       This system call is available only if the kernel was configured with the CONFIG_SYSCTL_SYSCALL option.
> 
> And indeed, trying a test program calling CTL_KERN, KERN_RANDOM, RANDOM_UUID (from your code) prints
>> warning: process `sysctl-rand' used the deprecated sysctl system call with 1.40.6.
> 
> and returned with ENOSYS (the kernel was compiled without CONFIG_SYSCTL_SYSCALL).
> 
> 
> So I don't think it's a suitable primary means to gather random data under Linux. :-(
> 
> I encourage you to raise at lkml the need to have a dev-less random data source, though.
> 


libevent’s RNG mentions similar issues: https://github.com/libevent/libevent/blob/master/arc4random.c#L340

Any opinion on HAVEGE as an additional entropy source? PolarSSL / XYSSL appear to use it as their primary source of entropy. I extracted the main bits from the last BSD release of XYSSL for testing:

https://gist.github.com/busterb/631e2cf61a55de87d6b8

Seems like it might be better than concatenating a lot of ‘junk’ when all else fails, at least if you can trust the cycle counter to do the right thing (maybe not in a VM).

Botan also has a few novel sources of entropy implemented like process walk times and running random processes (like PRNGD does): https://github.com/randombit/botan/tree/net.randombit.botan/src/lib/entropy

I have to admit I’m surprised at the number of projects that have sort-of solved this problem independently. It seems like an entropy gathering library could live as a standalone project.
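The quoted man page says to use the /proc/sys interface instead of the deprecated sysctl(2) call. Below is an added C example of that fallback; it is not code from this thread, from OpenSSH, or from any of the projects mentioned above. It assumes /proc/sys/kernel/random/uuid is readable. Each read of that file yields one version-4 UUID in which the version nibble and the two variant bits are fixed by the kernel, so only 122 of the 128 bits are random; the example keeps the 14 bytes that are fully random and discards the two that carry fixed bits. In a jail without /proc the open() fails and the function returns -1, so a caller can move on to its next source rather than silently using zeros. The sample UUID in main() is a constructed value used only to exercise the parser.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* /proc/sys replacement for the sysctl(2) CTL_KERN/KERN_RANDOM/RANDOM_UUID path. */
#define PROC_UUID "/proc/sys/kernel/random/uuid"

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" (trailing newline allowed)
 * into 16 bytes. Returns 0 on success, -1 on malformed or truncated input. */
int uuid_to_bytes(const char *s, unsigned char out[16])
{
    int n = 0, hi = -1;
    for (; *s != '\0' && *s != '\n'; s++) {
        if (*s == '-') continue;
        int v = hexval((unsigned char)*s);
        if (v < 0 || n >= 16) return -1;
        if (hi < 0) {
            hi = v;
        } else {
            out[n++] = (unsigned char)((hi << 4) | v);
            hi = -1;
        }
    }
    return (n == 16 && hi < 0) ? 0 : -1;
}

/* A kernel-generated UUID is version 4 (byte 6 high nibble == 4) with the
 * RFC 4122 variant (top two bits of byte 8 == 10). Anything else means the
 * source is not what we expected and should not be trusted as entropy. */
int uuid_is_v4(const unsigned char u[16])
{
    return (u[6] >> 4) == 4 && (u[8] & 0xC0) == 0x80;
}

/* Copy only the 14 bytes with no fixed bits (drop bytes 6 and 8). */
size_t uuid_entropy_bytes(const unsigned char u[16], unsigned char out[14])
{
    size_t n = 0;
    for (int i = 0; i < 16; i++)
        if (i != 6 && i != 8) out[n++] = u[i];
    return n;
}

/* Fill buf with len random bytes from PROC_UUID, one read per 14 bytes.
 * Returns len on success, -1 if /proc is unavailable or output is malformed. */
ssize_t proc_uuid_random(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        int fd = open(PROC_UUID, O_RDONLY);
        if (fd < 0) return -1;                 /* e.g. no /proc in a jail */
        char line[64];
        ssize_t r = read(fd, line, sizeof line - 1);
        close(fd);
        if (r < 36) return -1;
        line[r] = '\0';
        unsigned char u[16], e[14];
        if (uuid_to_bytes(line, u) != 0 || !uuid_is_v4(u)) return -1;
        size_t n = uuid_entropy_bytes(u, e);
        size_t take = (len - got < n) ? len - got : n;
        memcpy(buf + got, e, take);
        got += take;
    }
    return (ssize_t)got;
}

int main(void)
{
    /* Constructed sample, not kernel output: exercises the parser only. */
    const char *sample = "123e4567-e89b-42d3-a456-426614174000\n";
    unsigned char u[16], buf[32];
    if (uuid_to_bytes(sample, u) == 0)
        printf("sample parses, v4=%d\n", uuid_is_v4(u));
    ssize_t r = proc_uuid_random(buf, sizeof buf);
    if (r < 0) {
        printf("%s unavailable, fall back to another source\n", PROC_UUID);
        return 1;
    }
    for (ssize_t i = 0; i < r; i++) printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```

The parser is strict on purpose: a short read, a stray character, or a UUID that is not version 4 all make the whole call fail rather than feed partial or suspicious data into a pool, which is the failure mode the thread is worried about when "all else fails".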


More information about the openssh-unix-dev mailing list