search for: reseeding

Displaying 20 results from an estimated 22 matches for "reseeding".

2011 Sep 25
0
sshd 5.6p1 does not accept connections in fips mode
Hi, I was trying to run sshd after applying the fips patches mentioned in http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1835;list=openssh but for some reason sshd refuses to accept the connection. I guess I do something terribly wrong. Is there a reason that this is bound to fail? These 5.6 patches were the most recent I could find. Are there any fips patches
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,
2008 Nov 24
5
FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random
FreeBSD-SA-08.11.arc4random Security Advisory; The FreeBSD Project; Topic: arc4random(9) predictable sequence vulnerability; Category: core; Module: sys; Announced:
2010 Jul 23
0
[Bug 1197] Enhancement request to enable fips compatibility mode in OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=1197 kpimm at yahoo.com changed: What: CC; Removed: (none); Added: kpimm at yahoo.com. Comment #7 from kpimm at yahoo.com: I'm having likely the same problem as halsteaw. Can someone please
2014 Oct 29
3
[Xen-devel] [RFC] Hypervisor RNG and enumeration
...ought to be providing an unbounded > stream of random numbers, rather than a fixed amount of seed. > I don't expect hypervisors to estimate the entropy available through this mechanism. Given that, the length of the stream is largely irrelevant, except that an unbounded stream allowed reseeding after boot. > > I think the most obvious approach would be to provide the VM, at > startup, with a page containing a fixed amount of random number seed, > along with some metadata. > > Some platform-specific way of discovering the location of the page > would have to be defin...
2006 Feb 02
19
[Bug 1149] Does not build on QNX
http://bugzilla.mindrot.org/show_bug.cgi?id=1149 Summary: Does not build on QNX Product: Portable OpenSSH Version: 4.3p1 Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: kraai at ftbfs.org
2024 Jan 11
1
No suspend after update
Just updated CentOS 9 Stream on a Lenovo T17 Gen 4 Intel and now it won't suspend with the following error: [ 52.604998] Restarting kernel threads ... done. [ 52.605111] OOM killer enabled. [ 52.605111] Restarting tasks ... done. [ 52.606604] random: crng reseeded on system resumption [ 52.616014] thermal thermal_zone9: failed to read out thermal zone (-61) [ 52.791625] PM:
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful
2001 Jul 11
1
OpenSSL PRNG
Just for peace of mind, can someone who knows the openssh code better than I do, confirm that openssh doesn't use (in any circumstances) the openssl prng (since the code in versions prior to 0.9.6b is rather weak). My understanding is that it doesn't (using either /dev/random, egd, prngd or the builtin code), but I may have missed some other use of the openssl prng elsewhere... -- Jon
2000 Dec 20
2
questions re residuevqtrain
...ample, I'm reading the first six lines as the first codevector, and so on.) I have more questions, but I'll stop here in case this is all just cluelessness on my part. --Mike $ residuevqtrain test_256_6_8_01_0 -p 256,6,8 -e .01 residue_0.vqd 128 colums per line in file residue_0.vqd reseeding with quantization.... Pass #0... : dist 0.361175(305.73) metric error=1.73526 cells shifted this iteration: 4 cell diameter: 4.66::10.3::36.8 (0 unused/79 dup) Pass #1... : dist 1.82539(305.73) metric error=9.36826 cells shifted this iteration: 32 cell diameter: 4.57::28.6::43.1 (5 unused/77 dup)...
2000 Jan 27
6
EGD requirement a show stopper for me
On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote: > Subject: /dev/urandom > On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote: > > On Thu, 13 Jan 2000, Ben Taylor wrote: > > > > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote: > > > > why ssh1.27 doesn't require /dev/urandom on solaris? > > > > i think the
2018 Dec 31
1
Re: [PATCH v2 nbdkit] common: Improve pseudo-random number generation.
...e analysis of the seeding function shows that there is no magic seed value which can result in random_state being all zeros. It's also nice that you keep explicit state here and separately in error.c, so that using the filter and the plugin together does not cause contention where the repeated reseeding from the plugin could negatively affect the error rates. > +++ b/tests/test-random.c > + * complete statistical study. > + */ > + for (i = 0; i < SIZE; ++i) { > + unsigned char c = (unsigned char) data[i]; > + histogram[c]++; > + } > + for (i = 0; i < 2...
2016 Dec 14
17
Call for testing: OpenSSH 7.4
...ent(1): Deny ptrace on OS X using ptrace(PT_DENY_ATTACH, ..) * ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL. * Fix compilation for libcrypto compiled without RIPEMD160 support. * contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640 * sshd(8): Improve PRNG reseeding across privilege separation and force libcrypto to obtain a high-quality seed before chroot or sandboxing. * All: Explicitly test for broken strnvis. NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former havi...
1997 Apr 22
1
SNI-12: BIND Vulnerabilities and Solutions (fwd)
...m = 31104 and a maximal period of m-1. + * + * The transaction id is determined by: + * id[n] = seed xor (g^X[n] mod n) + * + * Effectivly the id is restricted to the lower 15 bits, thus + * yielding two different cycles by toggling the msb on and off. + * This avoids reuse issues caused by reseeding. + * + * The 16 bit space is very small and brute force attempts are + * entirly feasible, we skip a random number of transaction ids + * so that an attacker will not get sequential ids. + */ + + #include <sys/types.h> + #include <netinet/in.h> + #include <sys/time.h> + #incl...
2016 Dec 19
2
Announce: OpenSSH 7.4 released
...ent(1): Deny ptrace on OS X using ptrace(PT_DENY_ATTACH, ..) * ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL. * Fix compilation for libcrypto compiled without RIPEMD160 support. * contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640 * sshd(8): Improve PRNG reseeding across privilege separation and force libcrypto to obtain a high-quality seed before chroot or sandboxing. * All: Explicitly test for broken strnvis. NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former havi...
2018 Dec 28
2
[PATCH v2 nbdkit] common: Improve pseudo-random number generation.
v2: - Fix seeding. - Add a test that nbdkit-random-plugin is producing something which looks at least somewhat random. Rich.
2005 Mar 02
12
Call for release testing
Hi, We are preparing to release another stable OpenSSH soon, so once again we are asking for your help in testing CVS snapshots. Changes include: * ssh(1) now allows the optional specification of an address to bind to in port forwarding connections (local, remote and dynamic). See the -L, -R options in the ssh(1) man page as well as LocalForward and RemoteForward options in