bugzilla-daemon at mindrot.org
2001-Dec-12 00:46 UTC
[Bug 13] Need faster ssh startup when no /dev/random or prngd available
http://bugzilla.mindrot.org/show_bug.cgi?id=13

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement

------- Additional Comments From djm at mindrot.org 2001-12-12 11:46 -------
I don't like this - you could easily end up in a situation where you end up
using essentially the same seed over and over again.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Dave Dykstra
2001-Dec-12 14:53 UTC
[Bug 13] Need faster ssh startup when no /dev/random or prngd available
On Wed, Dec 12, 2001 at 11:46:43AM +1100, bugzilla-daemon at mindrot.org wrote:
> http://bugzilla.mindrot.org/show_bug.cgi?id=13
>
> djm at mindrot.org changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>            Severity|normal                      |enhancement
>
> ------- Additional Comments From djm at mindrot.org 2001-12-12 11:46 -------
> I don't like this - you could easily end up in a situation where you end up
> using essentially the same seed over and over again.

I put the following response into bugzilla, but for some reason it didn't send email to anybody:

------- Additional Comments From Dave Dykstra 2001-12-13 01:31 -------
No, that's not true, because every startup still adds small amounts of easily gathered entropy. You could argue that that means people could guess all the possibilities and try them all, but they can't because they do not know the contents of the seed file, which was originally generated from a large amount of entropy. The only added risk is that somebody may get hold of the seed file, but if the ~/.ssh directory is not secured someone could easily break in anyway, so I maintain that it doesn't add any more overall risk. There is no way for someone to guess the contents of the seed file by examining network traffic because the pseudo-random number generation process is not reversible. As an added protection, the seed file is re-written with additional entropy mixed in each time ssh is run.

You don't have to rely on just my arguments, either: the SSH 1.2.* series did this and there were never any CERT advisories nor complaints from crypto experts about it, and pointing out SSH weaknesses has brought fame to many of them, so I'm sure that if there was a weakness here you would have heard about it. Also, GnuPG does essentially the same thing on systems that don't have /dev/random.
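The scheme the two messages argue over (a persistent seed file, mixed with a little fresh entropy on every run and rewritten afterwards) is small enough to show in full. The following is an added illustration, not OpenSSH code and not anything from the thread's participants; it assumes SHA-256 as the mixing and output function and a constructed file layout, and the `demo()` scenario (two hosts cloned from one seed file, e.g. a copied VM image) is likewise constructed to make both sides of the argument visible: the stored seed is never exposed in the output, but with no fresh entropy at all two copies of the seed file produce identical streams, which is the "same seed over and over" outcome djm worries about.

```python
import hashlib
import os
import tempfile

SEED_BYTES = 32  # size of the on-disk seed: one SHA-256 digest


def _write_atomically(path: str, data: bytes) -> None:
    """Write via a temp file plus rename so a crash never leaves a truncated seed."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.chmod(tmp, 0o600)  # the seed is only as secret as its file permissions
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def create_seed_file(path: str, initial_entropy: bytes) -> None:
    """One-time setup: compress a large amount of entropy into the seed file."""
    seed = hashlib.sha256(b"initial-seed" + initial_entropy).digest()
    _write_atomically(path, seed)


def generate(path: str, fresh_entropy: bytes, nbytes: int) -> bytes:
    """Produce nbytes of output and rewrite the seed with fresh entropy mixed in.

    The stored seed and the cheap per-run entropy are hashed into a secret
    state; the output stream and the next seed are derived from that state
    through domain-separated one-way hashes, so observing the output does not
    reveal the seed file (the "not reversible" property claimed in the thread).
    """
    with open(path, "rb") as f:
        seed = f.read()
    if len(seed) != SEED_BYTES:
        raise ValueError("seed file missing or corrupt; re-create it from fresh entropy")
    state = hashlib.sha256(b"mix" + seed + fresh_entropy).digest()
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(b"output" + state + counter.to_bytes(4, "big")).digest()
        counter += 1
    next_seed = hashlib.sha256(b"next-seed" + state).digest()
    _write_atomically(path, next_seed)  # seed file changes on every run
    return bytes(out[:nbytes])


def compare_runs(initial_entropy: bytes, fresh_a: bytes, fresh_b: bytes, nbytes: int = 16):
    """Run the generator once from each of two identical copies of the seed file.

    Returns (output_a, output_b, seed_file_changed) so the caller can see whether
    the per-run entropy was enough to make the two copies diverge.
    """
    with tempfile.TemporaryDirectory() as d:
        path_a = os.path.join(d, "a.seed")
        path_b = os.path.join(d, "b.seed")
        create_seed_file(path_a, initial_entropy)
        create_seed_file(path_b, initial_entropy)
        with open(path_a, "rb") as f:
            before = f.read()
        out_a = generate(path_a, fresh_a, nbytes)
        out_b = generate(path_b, fresh_b, nbytes)
        with open(path_a, "rb") as f:
            after = f.read()
    return out_a, out_b, before != after


def demo() -> dict:
    """Constructed scenario: two hosts that started from the same seed file."""
    initial = b"constructed: a large one-time entropy sample would go here"
    same_a, same_b, changed = compare_runs(initial, b"", b"")
    diff_a, diff_b, _ = compare_runs(
        initial, b"pid=4242 time=1008150000", b"pid=4243 time=1008150007"
    )
    return {
        "no_fresh_entropy_identical": same_a == same_b,  # djm's concern
        "fresh_entropy_diverges": diff_a != diff_b,      # Dave's mitigation
        "seed_file_rewritten": changed,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two outcomes in `demo()` are the whole disagreement in miniature: the per-run mixing only helps to the extent that the fresh input actually differs between runs and hosts, and a seed file that is copied, restored from backup or readable by others collapses the scheme to whatever entropy those few bytes supply.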
bugzilla-daemon at mindrot.org
2001-Dec-28 13:57 UTC
[Bug 13] Need faster ssh startup when no /dev/random or prngd available
http://bugzilla.mindrot.org/show_bug.cgi?id=13

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

------- Additional Comments From djm at mindrot.org 2001-12-29 00:57 -------
This is redundant now. You can implement whatever local policy you like using shell script wrappers around the new ssh-rand-helper in -current CVS

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.