Re: ssh, /dev/urandom
On Tue, 17 Dec 2002, Hubert Chan wrote:
> Philip> 2. Does ssh only use urandom once, that is to generate keys while it is
> Philip> configuring? Again I have assumed yes.
>
> I don't think the public/private key (i.e. host key) generation is much
> of an issue, since one should be able to generate these on a different
> machine with a good random number source, and copy them over.
>
> But ssh needs to generate a session key. Since public key crypto is
> slower than symmetric crypto, ssh only uses the host key to send a
> session key, which is used to do symmetric crypto. I don't know the
> *exact* details, but that's the general idea, and it's used in pretty
> much all public key crypto systems, or at least in the ones made by
> people who know what they're doing.
Thanks. Helpful.
Phil.
--
Philip Charles; 39a Paterson Street, Abbotsford, Dunedin, New Zealand
+64 3 488 2818 Fax +64 3 488 2875 Mobile 025 267 9420
philipc@copyleft.co.nz - preferred. philipc@debian.org
I sell GNU/Linux & GNU/Hurd CDs. See http://www.copyleft.co.nz
Reply to: