[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [6.0_BETA] cprng xxx: WARNING insufficient entropy at creation.
On Sat, Feb 25, 2012 at 11:55:40PM -0500, Thor Lancelot Simon wrote:
> Try the following patch. Warning -- untested. But it should do the job.
I committed a version of this and will request a pullup. But there is
a remaining problem caused by the way sshd re-execs itself at every
connection -- this effectively drains the OpenSSL internal RNG of bits
and causes it to suck 256 bits out of /dev/urandom for each SSH
If you look at src/crypto/external/bsd/openssl/dist/rand/rand_unix.c
you can see that someone working on OpenBSD noticed this and decided
to deal with it by effectively replacing the OpenSSL RNG with arc4,
#ifdef OpenBSD. Whoops. I think I will not do that, so it will take me
a little longer to come up with a good fix.
Main Index |
Thread Index |