[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

Oh, and note that OpenSSH Portable uses RAND_bytes from libssl to seed
its arc4random implementation.

So AFAICT if you were to link OpenSSH Portable against LibreSSL
Portable, it would get really crazy:

/dev/urandom or sysctl or scary fallback ->
LibreSSL Portable getentropy ->
LibreSSL Portable arc4random.c (ChaCha-20) ->
LibreSSL RAND_bytes ->
OpenSSH Portable arc4random.c (ChaCha-20) ->
OpenSSH

with the stream cipher, seeding and stirring all happening twice.

So I really like the idea of both getting an arc4random implementation
from one place, such as libbsd.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
Reply to: