OpenSSH (portable) and entropy gathering

Damien Miller djm at mindrot.org
Thu Oct 4 11:31:18 EST 2001


On Fri, 28 Sep 2001, Dan Astoorian wrote:

> On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes:
> > On Thu, 27 Sep 2001, Dan Astoorian wrote:
> > > Is this a feature the OpenSSH Portability Team would consider
> > > worthwhile?
> > 
> > Probably not - in fact we want to deprecate the built in entropy 
> > collection in favor of the use of a daemon or subprocess.
> 
> I can understand that desire, and I don't mean to be argumentative, but
> I'm looking at it from the standpoint of a sysadmin.  Right now, my
> systems use the internal entropy gathering.  I _want_ to move to PRNGD.
> However, I don't want my systems to stop working entirely if PRNGD isn't
> running or if its socket gets clobbered.  For instance, I need the
> ability to run ssh *clients* from the console in single-user mode,
> before PRNGD has started up.

In these cases the built-in prng is just about useless as most of its
sources of entropy assume an active system.

I would like to replace the built in prng with a choice of /dev/random
(or equiv), EGD/PRNGd and a new option to execute a subprocess which 
dumps entropy to stdout. 

-d


-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's 
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
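
The seed-source choice proposed in the message above, sketched as an added example (not code from the original post or from OpenSSH): try a random device, then a subprocess that dumps entropy to stdout, and fail closed if neither delivers a full seed, which is the missing-source case raised in the quoted reply. The function names are hypothetical, the EGD/PRNGd socket source is left out, and the helper command is assumed to terminate on its own.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen/pclose */
#endif
#include <stdio.h>
#include <string.h>

/* Read exactly len bytes from f; 0 on success, -1 on a short read. */
static int read_full(FILE *f, unsigned char *buf, size_t len)
{
    size_t got = 0, n;
    while (got < len && (n = fread(buf + got, 1, len - got, f)) > 0)
        got += n;
    return got == len ? 0 : -1;
}

/* Kernel random device such as /dev/random (path supplied by the caller). */
static int seed_from_device(const char *path, unsigned char *buf, size_t len)
{
    FILE *f = fopen(path, "rb");
    int r;
    if (f == NULL) return -1;
    setvbuf(f, NULL, _IONBF, 0);   /* take only len bytes from the pool */
    r = read_full(f, buf, len);
    fclose(f);
    return r;
}

/* Subprocess that writes entropy to stdout and must exit with status 0. */
static int seed_from_command(const char *cmd, unsigned char *buf, size_t len)
{
    unsigned char extra[256];
    FILE *p = popen(cmd, "r");
    int r;
    if (p == NULL) return -1;
    r = read_full(p, buf, len);
    while (fread(extra, 1, sizeof extra, p) > 0)
        ;                          /* drain so the helper can exit cleanly */
    return (pclose(p) == 0 && r == 0) ? 0 : -1;
}

/* Returns 1 (device) or 2 (command) for the source used, -1 if none worked. */
int gather_seed(const char *device, const char *cmd, unsigned char *buf, size_t len)
{
    if (device != NULL && seed_from_device(device, buf, len) == 0) return 1;
    if (cmd != NULL && seed_from_command(cmd, buf, len) == 0) return 2;
    memset(buf, 0, len);           /* never hand back a partial seed */
    return -1;
}
```

A caller treats -1 as fatal rather than continuing with a weak or empty seed.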





More information about the openssh-unix-dev mailing list