Re: ssh, /dev/urandom
"Alfred M. Szmidt" <ams@kemisten.nu> writes:
> > Telnet has worse security than even a buggy miserably fake ssh.
> >
> > Telnet has _no_ security. It doesn't have fake security, which you
> > get by using crappy random bits and Open SSH. That is a huge
> > difference. Open SSH was designed for security, telnet was _not_.
>
> What? So you are saying that telnet is better than a fake ssh?
>
> Yes, in the sense that it does _NOT_ give the user a sense of fake
> security.
This is an excellent reason to document what we do carefully and
completely.
> The kind of security that I do _not_ stand up for is the kind that
> gives the user a fake feeling. Which is what you want to do with
> adding weirdo hacks. The best suggestion has been to compile Open SSH
> with its own flags for gathering random bits on systems that do not
> support /dev/random or /dev/urandom.
No, not at all. I don't want to give the user a fake feeling. I want
the user to be able to make a judgement "in this case, the security is
not important, but telnet is a major hassle, so I choose the fake
ssh".
> Are you even following this discussion? I have not said a single word
> of the exclusion of ssh, not even muttered it, or implied it. I am
> against including an unsecure random translator!!!
Geez, there are enough proposals on the table already. urandom isn't
guaranteed anything anyway, really, but I agree that we should do the
best we can, which might mean something nicely pseudo-random based on
something like the clock or the process table. I'm not in favor of
just linking it to bash.
But I do *not* agree that linking it to bash is bad on the grounds
that we should never ever do such a thing, but only because we can do
better with little extra work.