Clarification: OpenSSH entropy sources?

I got no reply from comp.security.ssh so I'm forwarding it to the list.
Any straight answers on this tremendously appreciated.
thanks,
Jonathan
> I am building OpenSSL 0.9.7b and OpenSSH 3.6.1p1 under Solaris 8. My
> OpenSSL is configured to use the Solaris /dev/random supplied in
> 112438-01.
>
> With OpenSSH 3.6.1p1, how are entropy sources handled? During
> configuration, it identifies that OpenSSL's PRNG is internally seeded;
> this is true, due to the existence of /dev/random.
>
> But, my confusion comes from the use of OpenSSH's rand-helper. If you run
> "configure" with "--with-rand-helper", at the end of the configuration you
> get:
>
> Random number source: ssh-rand-helper
> internal source and just "fall back" to ssh-rand-helper if need be? I saw
> a previous post where someone says the latter is true; however, due to the
> warning you get at configuration time it makes me think it's only trying to
> use ssh-rand-helper and never tries OpenSSL's internal source. OTOH, I never
> get "PRNG not seeded" messages, so maybe it isn't starving for entropy.
> Can someone explain what is really happening?
>
> thanks!
> Jonathan
Received on Fri May 2 14:03:59 2003
This archive was generated by hypermail 2.1.8: Wed Aug 23 2006 - 14:02:58 EDT