Displaying 20 results from an estimated 22 matches for "reseeded".
2011 Sep 25
0
sshd 5.6p1 does not accept connections in fips mode
...nnection from 10.78.0.8 port 39056
debug1: Client protocol version 2.0; client software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug2: FIPS rand reseeded
debug2: FIPS rand reseeded
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug2: Network child is on pid 27955
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug1: do_cleanup
I test this using ssh, like...
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2008 Nov 24
5
FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random
...ndom(9) is a generic-purpose random number generator based on the
key stream generator of the RC4 cipher. It is expected to be
cryptographically strong, and used throughout the FreeBSD kernel for a
variety of purposes, some of which rely on its cryptographic strength.
arc4random(9) is periodically reseeded with entropy from the FreeBSD
kernel's Yarrow random number generator, which gathers entropy from a
variety of sources including hardware interrupts. During the boot
process, additional entropy is provided to the Yarrow random number
generator from userland, helping to ensure that adequate ent...
2008 Nov 24
5
FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random
...ndom(9) is a generic-purpose random number generator based on the
key stream generator of the RC4 cipher. It is expected to be
cryptographically strong, and used throughout the FreeBSD kernel for a
variety of purposes, some of which rely on its cryptographic strength.
arc4random(9) is periodically reseeded with entropy from the FreeBSD
kernel's Yarrow random number generator, which gathers entropy from a
variety of sources including hardware interrupts. During the boot
process, additional entropy is provided to the Yarrow random number
generator from userland, helping to ensure that adequate ent...
2010 Jul 23
0
[Bug 1197] Enhancement request to enable fips compatibility mode in OpenSSH
...nt software version
OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 1991
debug3: preauth child monitor started
debug2: FIPS rand reseeded
debug3: mm_request_receive entering
debug2: FIPS rand reseeded
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 512 bytes for a total of 538
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse...
2014 Oct 29
3
[Xen-devel] [RFC] Hypervisor RNG and enumeration
On Oct 29, 2014 8:17 AM, "Ian Jackson" <Ian.Jackson at eu.citrix.com> wrote:
>
> Andy Lutomirski writes ("[Xen-devel] [RFC] Hypervisor RNG and enumeration"):
> > Here's a draft CommonHV spec. It's also on github:
> > https://github.com/amluto/CommonHV
>
> This a worthwhile direction to investigate, and an interesting
> proposal. From a
2014 Oct 29
3
[Xen-devel] [RFC] Hypervisor RNG and enumeration
On Oct 29, 2014 8:17 AM, "Ian Jackson" <Ian.Jackson at eu.citrix.com> wrote:
>
> Andy Lutomirski writes ("[Xen-devel] [RFC] Hypervisor RNG and enumeration"):
> > Here's a draft CommonHV spec. It's also on github:
> > https://github.com/amluto/CommonHV
>
> This a worthwhile direction to investigate, and an interesting
> proposal. From a
2006 Feb 02
19
[Bug 1149] Does not build on QNX
http://bugzilla.mindrot.org/show_bug.cgi?id=1149
Summary: Does not build on QNX
Product: Portable OpenSSH
Version: 4.3p1
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at mindrot.org
ReportedBy: kraai at ftbfs.org
2024 Jan 11
1
No suspend after update
Just updated CentOS 9 Stream on a Lenovo T17 Gen 4 Intel and not it
won't suspend with the following error:
[ 52.604998] Restarting kernel threads ... done.
[ 52.605111] OOM killer enabled.
[ 52.605111] Restarting tasks ... done.
[ 52.606604] random: crng reseeded on system resumption
[ 52.616014] thermal thermal_zone9: failed to read out thermal zone (-61)
[ 52.791625] PM: suspend exit
[ 52.791733] PM: suspend entry (s2idle)
[ 52.797260] Filesystems sync: 0.005 seconds
[ 52.797579] Freezing user space processes ... (elapsed 0.001 seconds) done.
[...
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi.
I experimented a bit with collecting entropy from the time it takes for
device_attach() to run (in CPU cycles). It seems that those times have
enough variation that we can use it for entropy harvesting. It happens
even before root is mounted, so pretty early.
On the machine I'm testing it, which has minimal kernel plus NIC driver
I see 75 device_attach() calls. I'm being very careful
2001 Jul 11
1
OpenSSL PRNG
Just for peace of mind, can someone who knows the openssh code better than
I do, confirm that openssh doesn't use (in any circumstances) the openssl
prng (since the code in versions prior to 0.9.6b is rather weak).
My understanding is that it doesn't (using either /dev/random, egd, prngd or
the builtin code), but I may have missed some other use of the openssl prng
elsewhere...
-- Jon
2000 Dec 20
2
questions re residuevqtrain
I'm trying to understand the residuevqtrain program, and I have some questions
for Monty, Erik, or anyone that understands how it's supposed to work.
I captured TRAIN_RES data from an encoding of a single track (about 4:43),
producing two files, residue_0.vqd (3727 lines, = 3727 points?) and
residue_1.vqd (huge). I then did a run with the parameters from the usage
message
2000 Jan 27
6
EGD requirement a show stopper for me
On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote:
> Subject: /dev/urandom
> On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote:
> > On Thu, 13 Jan 2000, Ben Taylor wrote:
> >
> > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote:
> > > > why ssh1.27 doesn't requre /dev/urandom on solaris?
> >
> > i think the
2018 Dec 31
1
Re: [PATCH v2 nbdkit] common: Improve pseudo-random number generation.
On 12/28/18 2:55 PM, Richard W.M. Jones wrote:
> Currently we use non-cryptographically secure random numbers in two
> places, the error filter (to inject errors at random) and the random
> plugin. For this we have used either random_r or a home-brew-ish
> Linear Congruential Generator. Use of random_r is problematic on BSDs
> because it doesn't exist there. Use of the LCG is
2016 Dec 14
17
Call for testing: OpenSSH 7.4
Hi,
OpenSSH 7.4 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
1997 Apr 22
1
SNI-12: BIND Vulnerabilities and Solutions (fwd)
...e.h>
+ #include <resolv.h>
+
+ #if defined(BSD) && (BSD >= 199103)
+ # include <unistd.h>
+ # include <stdlib.h>
+ # include <string.h>
+ #else
+ # include "../conf/portability.h"
+ #endif
+
+ #define RU_OUT 180 /* Time after wich will be reseeded */
+ #define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */
+ #define RU_GEN 2 /* Starting generator */
+ #define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */
+ #define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */
+ #defi...
2016 Dec 19
2
Announce: OpenSSH 7.4 released
OpenSSH 7.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community
2016 Dec 19
2
Announce: OpenSSH 7.4 released
OpenSSH 7.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community
2018 Dec 28
2
[PATCH v2 nbdkit] common: Improve pseudo-random number generation.
v2:
- Fix seeding.
- Add a test that nbdkit-random-plugin is producing something
which looks at least somewhat random.
Rich.
2005 Mar 02
12
Call for release testing
Hi,
We are preparing to release another stable OpenSSH soon, so once
again we are asking for your help in testing CVS snapshots.
Changes include:
* ssh(1) now allows the optional specification of an address to bind to
in port forwarding connections (local, remote and dynamic). See the
-L, -R options in the ssh(1) man page as well as LocalForward and
RemoteForward options in