Entropy collection in sshd (was Re: Entropy and DSA key)

[Darren J Moffat]

Lutz Jaenicke wrote:

> The problem is not sshd. sshd startup only happens once and it does not
> matter whether it takes 0.5 seconds or 5 seconds; the server will be up
> for hours/days/weeks anyway. (Re-seeding should happen over time.)


Startup time is important, both for the master listening daemon and
for the children it forks to handle connections.

It might not matter to you but on servers that have uptime guarantees
specified in the fractions of a percent very little second on a reboot
counts.

5 seconds on a test machine could translate into 30 on a production
machine or older hardware.

I'm infavour of removing all entropy gathering code from OpenSSH,
including the use of arc4random and the private pool it keeps. I would
much rather see /dev/urandom used directly each time. I have
profiled this on Solaris and there wasn't a noticable difference in
performance for time spent reading /dev/urandom verses using arc4random.
What I did was open /dev/urandom the first time it was needed and leave
it open for the duration but just read the requested number of bytes
from it each time.  Doing this has the side effect that rc4 can be
removed from the list of required crypto algorithms.

--
Darren J Moffat