Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Sun, Mar 04, 2012 at 01:50:33PM +0900, Izumi Tsutsui wrote:
> tls@ wrote:
> 
> > On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> > > 
> > > It looks the root cause of these problems is that
> > > new kernel RNG explicitly requires too much entropy.
> > 
> > Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
> > you run out of entropy.  The old one didn't.
> > 
> > The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
> > half a dozen times per connection.  It's certainly not the fault of
> > the new code that the old code did not inform anyone of the problem.
> 
> Then what about other OSes, like OpenBSD and FreeBSD etc?
>
> If only NetBSD's RNG implementation requires these OpenSSH/OpenSSL
> chagnes, I'm afraid upstream says it's OS specific bug and they
> will reject these large changes.

I'm not sure what you mean by "requires".  Our RNG implementation is
conservative enough to warn about the extreme entropy consumption;
that does not mean the extreme entropy consumption does not happen on
other operating systems, but rather that they do not tell you about it!

Using less entropy while providing better security cannot possibly be
a bad thing, no matter what platform you're on.

And, by the way, what "large changes"?  The patch is 6 kilobytes as a
unidiff.

Thor