>>>>> "Philip" == Philip Charles <philipc@copyleft.co.nz> writes:

Q1, I don't know the answer to, but I believe that your guess is right.

[...]

Philip> 2. Does ssh only use urandom once, that is to generate keys while it is
Philip> configuring? Again I have assumed yes.

I don't think the public/private key (i.e. host key) generation is much of an issue, since one should be able to generate these on a different machine with a good random number source, and copy them over.

But ssh needs to generate a session key. Since public key crypto is slower than symmetric crypto, ssh only uses the host key to send a session key, which is used to do symmetric crypto. I don't know the *exact* details, but that's the general idea, and it's used in pretty much all public key crypto systems, or at least in the ones made by people who know what they're doing.

--
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.