search for: reseeded

...nnection from 10.78.0.8 port 39056 debug1: Client protocol version 2.0; client software version OpenSSH_5.6 debug1: match: OpenSSH_5.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.6 debug2: fd 3 setting O_NONBLOCK debug2: FIPS rand reseeded debug2: FIPS rand reseeded debug3: privsep user:group 74:74 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug2: Network child is on pid 27955 debug3: preauth child monitor started debug3: mm_request_receive entering debug1: do_cleanup I test this using ssh, like...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

...ndom(9) is a generic-purpose random number generator based on the key stream generator of the RC4 cipher. It is expected to be cryptographically strong, and used throughout the FreeBSD kernel for a variety of purposes, some of which rely on its cryptographic strength. arc4random(9) is periodically reseeded with entropy from the FreeBSD kernel's Yarrow random number generator, which gathers entropy from a variety of sources including hardware interrupts. During the boot process, additional entropy is provided to the Yarrow random number generator from userland, helping to ensure that adequate ent...

...ndom(9) is a generic-purpose random number generator based on the key stream generator of the RC4 cipher. It is expected to be cryptographically strong, and used throughout the FreeBSD kernel for a variety of purposes, some of which rely on its cryptographic strength. arc4random(9) is periodically reseeded with entropy from the FreeBSD kernel's Yarrow random number generator, which gathers entropy from a variety of sources including hardware interrupts. During the boot process, additional entropy is provided to the Yarrow random number generator from userland, helping to ensure that adequate ent...

...nt software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug2: Network child is on pid 1991 debug3: preauth child monitor started debug2: FIPS rand reseeded debug3: mm_request_receive entering debug2: FIPS rand reseeded debug3: privsep user:group 74:74 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 512 bytes for a total of 538 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse...

On Oct 29, 2014 8:17 AM, "Ian Jackson" <Ian.Jackson at eu.citrix.com> wrote: > > Andy Lutomirski writes ("[Xen-devel] [RFC] Hypervisor RNG and enumeration"): > > Here's a draft CommonHV spec. It's also on github: > > https://github.com/amluto/CommonHV > > This a worthwhile direction to investigate, and an interesting > proposal. From a

On Oct 29, 2014 8:17 AM, "Ian Jackson" <Ian.Jackson at eu.citrix.com> wrote: > > Andy Lutomirski writes ("[Xen-devel] [RFC] Hypervisor RNG and enumeration"): > > Here's a draft CommonHV spec. It's also on github: > > https://github.com/amluto/CommonHV > > This a worthwhile direction to investigate, and an interesting > proposal. From a

http://bugzilla.mindrot.org/show_bug.cgi?id=1149 Summary: Does not build on QNX Product: Portable OpenSSH Version: 4.3p1 Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: kraai at ftbfs.org

Just updated CentOS 9 Stream on a Lenovo T17 Gen 4 Intel and not it won't suspend with the following error: [ 52.604998] Restarting kernel threads ... done. [ 52.605111] OOM killer enabled. [ 52.605111] Restarting tasks ... done. [ 52.606604] random: crng reseeded on system resumption [ 52.616014] thermal thermal_zone9: failed to read out thermal zone (-61) [ 52.791625] PM: suspend exit [ 52.791733] PM: suspend entry (s2idle) [ 52.797260] Filesystems sync: 0.005 seconds [ 52.797579] Freezing user space processes ... (elapsed 0.001 seconds) done. [...

Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful

Just for peace of mind, can someone who knows the openssh code better than I do, confirm that openssh doesn't use (in any circumstances) the openssl prng (since the code in versions prior to 0.9.6b is rather weak). My understanding is that it doesn't (using either /dev/random, egd, prngd or the builtin code), but I may have missed some other use of the openssl prng elsewhere... -- Jon

I'm trying to understand the residuevqtrain program, and I have some questions for Monty, Erik, or anyone that understands how it's supposed to work. I captured TRAIN_RES data from an encoding of a single track (about 4:43), producing two files, residue_0.vqd (3727 lines, = 3727 points?) and residue_1.vqd (huge). I then did a run with the parameters from the usage message

On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote: > Subject: /dev/urandom > On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote: > > On Thu, 13 Jan 2000, Ben Taylor wrote: > > > > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote: > > > > why ssh1.27 doesn't requre /dev/urandom on solaris? > > > > i think the

On 12/28/18 2:55 PM, Richard W.M. Jones wrote: > Currently we use non-cryptographically secure random numbers in two > places, the error filter (to inject errors at random) and the random > plugin. For this we have used either random_r or a home-brew-ish > Linear Congruential Generator. Use of random_r is problematic on BSDs > because it doesn't exist there. Use of the LCG is

Hi, OpenSSH 7.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

...e.h> + #include <resolv.h> + + #if defined(BSD) && (BSD >= 199103) + # include <unistd.h> + # include <stdlib.h> + # include <string.h> + #else + # include "../conf/portability.h" + #endif + + #define RU_OUT 180 /* Time after wich will be reseeded */ + #define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ + #define RU_GEN 2 /* Starting generator */ + #define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */ + #define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */ + #defi...

OpenSSH 7.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

OpenSSH 7.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

v2: - Fix seeding. - Add a test that nbdkit-random-plugin is producing something which looks at least somewhat random. Rich.

Hi, We are preparing to release another stable OpenSSH soon, so once again we are asking for your help in testing CVS snapshots. Changes include: * ssh(1) now allows the optional specification of an address to bind to in port forwarding connections (local, remote and dynamic). See the -L, -R options in the ssh(1) man page as well as LocalForward and RemoteForward options in