Re: ssh, /dev/urandom (was: Re: K1 images - final report?)

To: Budi Rahardjo <budi@research.indocisc.com>
Cc: debian-hurd@lists.debian.org
Subject: Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
From: Philip Charles <philipc@copyleft.co.nz>
Date: Tue, 17 Dec 2002 14:54:36 +1300 (NZDT)
Message-id: <[🔎] Pine.LNX.4.44.0212171447390.19861-100000@stephen.copyleft.co.nz>
In-reply-to: <[🔎] 20021217013456.GA30498@research.indocisc.com>

On Tue, 17 Dec 2002, Budi Rahardjo wrote:

> Even ssh/ssl had problems, but that doesn't stop people from
> using it *right now*. ie. not waiting until it is really ... really ...
> realy ... really (well, you get the point) secure.
>
> Just give a warning that current ssh implementation is not that secure.
>
> Ok. If you guys don't want to include ssh in the package,
> at least give a pointer how to do it. (Even not so secure.)
>
> Now, what's current best practice? We use this:
>    http://kilobug.free.fr/hurd/random-64.tar.gz
> Is there a better alternative(s)?
>

The warning displayed at the end of total.sh

echo "A file needs to be copied to /dev/urandom before ssh will configure"
echo "then run <dpkg --configure -a>. Security will be poor unless the file"
echo "consists of random material."

Phil.

--
  Philip Charles; 39a Paterson Street, Abbotsford, Dunedin, New Zealand
   +64 3 488 2818        Fax +64 3 488 2875        Mobile 025 267 9420
     philipc@copyleft.co.nz - preferred.          philipc@debian.org
     I sell GNU/Linux & GNU/Hurd CDs.   See http://www.copyleft.co.nz

Reply to:

Follow-Ups:
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)

References:
- ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: Budi Rahardjo <budi@research.indocisc.com>

Prev by Date: Re: Induced crashes
Next by Date: Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
Previous by thread: ssh, /dev/urandom (was: Re: K1 images - final report?)
Next by thread: Re: ssh, /dev/urandom
Index(es):
- Date
- Thread