
Re: ssh, /dev/urandom



Budi Rahardjo <budi@research.indocisc.com> writes:

> On Wed, Dec 18, 2002 at 12:54:17AM +0100, Gaël Le Mignot wrote:
> > No, we should use a random translator, which, at least, provides uniform
> > numbers, and different numbers on successive reads.
> 
> I have not heard argument(s) against this.

The argument is really simple. Programs that use /dev/urandom
generally expect to get numbers that are not only uniform, but numbers
which are actually *useful* for *cryptographic* purposes. Creating a
/dev/urandom that does something different is breaking that informal
interface.

I mean, it's like making /usr/lib/sendmail a symlink to nethack:
There's an informal interface defining what the thing installed as
/usr/lib/sendmail should do, and you break that by doing something
completely different. Except that instead of broken mail delivery,
munging with /dev/urandom will give you subtle, and hard to notice
security holes.

If you do that, anybody that's trying to write serious crypto software
will have to add some workaround that tries to figure out if you're
running on the Hurd or not, and if you are, note that you most likely
have a broken useless /dev/urandom and avoid using it. Furthermore,
whenever a proper Hurd /dev/urandom is written, there will be
confusion for *years* on whether or not /dev/urandom on the Hurd is
usable, as crypto applications will have a hard time knowing if
/dev/urandom on a particular Hurd machine happens to be the new
working one or the old useless version.

And the openssh issue seems *really* really stupid. Just enable the
configure flag to make it work on systems without /dev/urandom and be
done with it! (Ok, for obvious reasons I haven't compiled any openssh
for years, but I think someone mentioned earlier that there is a
configure flag for exactly that).

/Niels
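The point Niels makes above, that "uniform and different on every read" is not the same thing as "usable for cryptography", can be shown concretely. The script below is an added example and not code from the thread or from any Hurd translator: it builds a hypothetical "random translator" that satisfies the quoted proposal (uniformly distributed bytes, fresh on every read) out of a clock-seeded 32-bit linear congruential generator, shows that a crude uniformity test cannot tell it apart from the kernel's /dev/urandom, and then recovers the generator's hidden state from six observed bytes with a 2**16 brute force and predicts the bytes that follow. The LCG constants, the 16-bit output truncation and the chi-square threshold are all choices made for this illustration.

```python
"""
Added example (not part of the original e-mail thread): a generator that
meets the letter of "uniform numbers, different on every read" yet is
useless as a cryptographic source, contrasted with os.urandom, which on
Linux and the BSDs reads the kernel's /dev/urandom.
"""
import os
import struct
import time
from collections import Counter
from typing import List, Optional, Tuple

# Constants of the classic 32-bit LCG from Numerical Recipes (assumed here
# purely for illustration; the period of the state sequence is 2**32).
LCG_A = 1664525
LCG_C = 1013904223
MASK32 = 0xFFFFFFFF


def lcg_next(state: int) -> int:
    """One step of the LCG; a bijection on 32-bit states."""
    return (LCG_A * state + LCG_C) & MASK32


class UniformButPredictable:
    """Hypothetical 'random translator' in the spirit of the quoted proposal:
    every read returns fresh, uniformly distributed bytes. It is seeded from
    the clock and emits the upper 16 bits of each state as two bytes, so half
    of the state stays hidden from a reader."""

    def __init__(self, seed: Optional[int] = None):
        self.state = (seed if seed is not None else time.time_ns()) & MASK32

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            self.state = lcg_next(self.state)
            out += struct.pack(">H", self.state >> 16)
        return bytes(out[:n])


class Urandom:
    """Wrapper around the kernel RNG so both sources share one read() shape."""

    def read(self, n: int) -> bytes:
        return os.urandom(n)


def chi_square_bytes(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a flat distribution
    (255 degrees of freedom; genuinely random input scores around 255)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_uniform(data: bytes, threshold: float = 400.0) -> bool:
    """Crude uniformity test: rejects only grossly skewed output. Both sources
    below pass it, which is exactly the point of the example."""
    return chi_square_bytes(data) < threshold


def recover_state(outputs: List[int]) -> List[int]:
    """Given three consecutive 16-bit outputs, brute-force the hidden low
    16 bits of the first state (2**16 trials) and return every state that
    reproduces the next two outputs. Returns the state after the third output."""
    o1, o2, o3 = outputs[:3]
    found = []
    for low in range(1 << 16):
        s1 = (o1 << 16) | low
        s2 = lcg_next(s1)
        if s2 >> 16 != o2:
            continue
        s3 = lcg_next(s2)
        if s3 >> 16 == o3:
            found.append(s3)
    return found


def predict_next_bytes(observed: bytes) -> Optional[bytes]:
    """Attack: from six observed bytes predict the next two. Returns None when
    no single LCG state explains the observation (as for real urandom)."""
    outputs = [v for (v,) in struct.iter_unpack(">H", observed[:6])]
    states = recover_state(outputs)
    if len(states) != 1:
        return None
    return struct.pack(">H", lcg_next(states[0]) >> 16)


def demo(source, label: str) -> Tuple[bool, bool]:
    """Returns (passes_uniformity_test, attacker_predicted_next_bytes)."""
    sample = source.read(65536)
    uniform = looks_uniform(sample)
    observed = source.read(6)          # what an attacker gets to see
    guess = predict_next_bytes(observed)
    actual = source.read(2)            # what the victim uses next
    predicted = guess is not None and guess == actual
    print(f"{label}: uniform={uniform} next_bytes_predicted={predicted}")
    return uniform, predicted


if __name__ == "__main__":
    demo(UniformButPredictable(), "proposed translator")
    demo(Urandom(), "/dev/urandom")
```

Both sources pass the frequency test and both return different bytes on every read, so an application that only checks those two properties cannot tell them apart; only the attack does, and in the real world the attacker is the one running it. A reader truncating the state harder, or mixing in the time of each read, only raises the brute-force cost a little: the shortcut from "uniform" to "unpredictable" is the hole Niels is warning about.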


