Re: ssh, /dev/urandom

To: "Alfred M. Szmidt" <ams@kemisten.nu>
Cc: budi@research.indocisc.com, debian-hurd@lists.debian.org
Subject: Re: ssh, /dev/urandom
From: kilobug@freesurf.fr (Gaël Le Mignot)
Date: Tue, 17 Dec 2002 13:36:21 +0100
Message-id: <[🔎] plopm3k7i84ybe.fsf@drizzt.dyndns.org>
In-reply-to: <[🔎] E18OG7n-0004PK-00@lgh163a.kemisten.nu> ("Alfred M. Szmidt"'s message of "Tue, 17 Dec 2002 12:42:59 +0100")
References: <[🔎] Pine.LNX.4.44.0212160010130.7859-100000@stephen.copyleft.co.nz> <[🔎] 20021215202705.GB1097@aragorn> <[🔎] 20021215221126.A3963@l2.ponznet.net> <[🔎] E18NirN-0003Ib-00@lgh163a.kemisten.nu> <[🔎] plopm33coye2ld.fsf@drizzt.dyndns.org> <[🔎] E18NwLs-0003fU-00@lgh163a.kemisten.nu> <[🔎] plopm3lm2qc6b1.fsf@drizzt.dyndns.org> <[🔎] E18O0CD-0003pc-00@lgh163a.kemisten.nu> <[🔎] 20021217013456.GA30498@research.indocisc.com> <[🔎] E18OG7n-0004PK-00@lgh163a.kemisten.nu>

Alfred a écrit : 

 >    I support the addition of ssh, *even* with a weak random.
 > There was never any talk about removing ssh.

 >    Now, what's current best practice? We use this:
 >       http://kilobug.free.fr/hurd/random-64.tar.gz
 >    Is there a better alternative(s)?

 > Or you can copy /bin/bash to /dev/urandom, they are just about equally
 > secure.

Of course not, since each time one app open /dev/urandom it gets the _same_
"random" data, which _absolutely_ not what you want. And I'm not sure at all
data are really "uniform" in bash or whatever. So yes, copying bash is worse,
and there is absolutely no cost to use the random translator as /dev/urandom.

And /dev/urandom is not really done for "cryptographic secure" randomness,
it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses
/dev/random for generating the keys).

-- 
Gael Le Mignot "Kilobug" - kilobug@nerim.net - http://kilobug.free.fr
GSM         : 06.71.47.18.22 (in France)   ICQ UIN   : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA

Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org

Reply to:

Follow-Ups:
- Re: ssh, /dev/urandom
  - From: Werner Koch <wk@gnupg.org>

References:
- K1 images - final report?
  - From: Philip Charles <philipc@copyleft.co.nz>
- Re: K1 images - final report?
  - From: Robert Millan <zeratul2@wanadoo.es>
- Re: K1 images - final report?
  - From: pancake <sergipop@mx3.redestb.es>
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: Budi Rahardjo <budi@research.indocisc.com>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>

Prev by Date: Re: K1 images - final report?
Next by Date: Re: K1 images - final report?
Previous by thread: Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
Next by thread: Re: ssh, /dev/urandom
Index(es):
- Date
- Thread