Correct me if I'm wrong, but init_rng() in entropy.c doesn't call seed_rng(), and in fact seed_rng() isn't called from _anywhere_ (in openssh-2.5.1p2). So calls to BN_rand() only pick up the tiny/non-existent amount of entropy added by BN_rand() itself from the system clock (time in seconds). Shouldn't seed_rng() be called from init_rng()? It should be called from _somewhere_, or deleted.

Thanks,
Dr. Tom Holroyd

"I am, as I said, inspired by the biological phenomena in which chemical forces are used in repetitious fashion to produce all kinds of weird effects (one of which is the author)."
-- Richard Feynman, _There's Plenty of Room at the Bottom_

On Wed, 14 Mar 2001, Tom Holroyd wrote:

> Correct me if I'm wrong, but init_rng() in entropy.c doesn't call
> seed_rng(), and in fact seed_rng() isn't called from _anywhere_ (in
> openssh-2.5.1p2). So calls to BN_rand() only pick up the
> tiny/non-existent amount of entropy added by BN_rand() itself from the
> system clock (time in seconds). Shouldn't seed_rng() be called from
> init_rng()? It should be called from _somewhere_, or deleted.

It is called from arc4random_stir which is used fairly pervasively and also implicitly from arc4random.

-d

--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer