Re: ssh, /dev/urandom

To: tb@becket.net (Thomas Bushnell, BSG)
Cc: "Alfred M. Szmidt" <ams@kemisten.nu>, kilobug@freesurf.fr, sergipop@mx3.redestb.es, debian-hurd@lists.debian.org
Subject: Re: ssh, /dev/urandom
From: Oystein Viggen <oysteivi@tihlde.org>
Date: Wed, 18 Dec 2002 08:04:28 +0100
Message-id: <[🔎] 03vg1rerk3.fsf@msgid.viggen.net>
In-reply-to: <[🔎] 87u1hcw87u.fsf@becket.becket.net> (tb@becket.net's message of "17 Dec 2002 15:12:37 -0800")
References: <[🔎] Pine.LNX.4.44.0212160010130.7859-100000@stephen.copyleft.co.nz> <[🔎] 20021215202705.GB1097@aragorn> <[🔎] 20021215221126.A3963@l2.ponznet.net> <[🔎] E18NirN-0003Ib-00@lgh163a.kemisten.nu> <[🔎] plopm33coye2ld.fsf@drizzt.dyndns.org> <[🔎] E18NwLs-0003fU-00@lgh163a.kemisten.nu> <[🔎] plopm3lm2qc6b1.fsf@drizzt.dyndns.org> <[🔎] E18O0CD-0003pc-00@lgh163a.kemisten.nu> <[🔎] 20021217013456.GA30498@research.indocisc.com> <[🔎] E18OG7n-0004PK-00@lgh163a.kemisten.nu> <[🔎] 20021217153627.A15894@l2.ponznet.net> <[🔎] E18OKGC-0004WP-00@lgh163a.kemisten.nu> <[🔎] plopm3el8g4nec.fsf@drizzt.dyndns.org> <[🔎] E18OKyM-0004Xr-00@lgh163a.kemisten.nu> <[🔎] 87k7i8xy4o.fsf@becket.becket.net> <[🔎] E18ONbG-0004dW-00@lgh163a.kemisten.nu> <[🔎] 87y96owbf7.fsf@becket.becket.net> <[🔎] E18OQJw-0004jx-00@lgh163a.kemisten.nu> <[🔎] 87u1hcw87u.fsf@becket.becket.net>

* [Thomas Bushnell, BSG] 

> Ssh should provide a non-cryptographically secure mode (such as using
> hashes of the low time bits, for example) for use on systems without a
> real random bit source.

I believe it does even better, and provides a mode where it hashes the
output of "ps aux" and suchlike.  However, this mode has to be enabled
at compile time and the commands it uses probably tweaked a bit to fit
well into a GNU/Hurd system.

OpenSSH also provides support for EGD/prngd, which also has to be
enabled at compile time.  (oh, and last I checked (1-2 years ago),
Debian had no EGD or prngd packages, as they're pretty useless on Linux,
so somebody would have to package one of those, too).

Those wanting a good ssh package could spend their time writing a patch
for the ssh package to use one of these approaches on the Hurd, instead
of arguing about whether /bin/bash or /lib/libc.so.6 provides the best
randomness for /dev/urandom.

For the time being, telnet works quite well for me on my little home
network with a completely headless Debian GNU/Hurd system.

Oystein
-- 
This message was brought to you by the letter ß and the number e.

Reply to:

References:
- K1 images - final report?
  - From: Philip Charles <philipc@copyleft.co.nz>
- Re: K1 images - final report?
  - From: Robert Millan <zeratul2@wanadoo.es>
- Re: K1 images - final report?
  - From: pancake <sergipop@mx3.redestb.es>
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: Budi Rahardjo <budi@research.indocisc.com>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: pancake <sergipop@mx3.redestb.es>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)

Prev by Date: Re: ssh, /dev/urandom
Next by Date: Re: ssh, /dev/urandom
Previous by thread: Re: ssh, /dev/urandom
Next by thread: Re: K1 images - final report?
Index(es):
- Date
- Thread