Re: sshd fun
Oystein Viggen <oysteivi@tihlde.org> writes:
> Actually, I think I recognize some of the comments in that file from the
> Entropy Gathering Daemon, egd.pl, and I certainly recognize some of the
> examples (like getting a non-existant URL from lavarand :)
If so, they have probably looked at the cryptlib code; I haven't yet
looked into egd.
> Wouldn't it be a good idea to make new versions of lsh able to speak to
> EGD and compatible daemons (unless of course they already do)? OpenSSH
> already has that option (--with-egd-pool= in configure).
It might be. The main reason I haven't done that is that I don't want
the security of lsh to crucially depend on some other piece of code
that I don't understand. So I first have to look at and understand egd
and/or prngd, and I haven't taken the time to do that. (And it ought
to be a runtime switch, with only the default specified at compile
time).
> Having some pre-buffered entropy seems to work much better than
> trying to generate it on the fly.
Another possibility is sava some state to a file .lsh/random_seed,
like the original ssh did. Of course, such a file should be used in
addition to the any other randomness sources available.
> If you want to test prngd, you can find it here:
> http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
I'll put that on my TODO list.
/Niels
Reply to:
- References:
- sshd fun
- From: Oystein Viggen <oysteivi@tihlde.org>
- Re: sshd fun
- From: nisse@lysator.liu.se (Niels Möller)
- Re: sshd fun
- From: Oystein Viggen <oysteivi@tihlde.org>