Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

To: tls%panix.com@localhost
Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Date: Sun, 4 Mar 2012 13:26:40 +0900

tls@ wrote:

> When applied along with revisions 1.10 and 1.11 of libc/gen/arc4random.c,
> these patches should stop the excessive entropy consumption observed with
> OpenSSH on current and NetBSD 6-branch systems.
> 
> I note that the cause of the problem is complex and somewhat amusing.
> 
> Let's start from this question: why on earth are there calls to
> arc4random_stir() in unexpected places all over the OpenSSH sources?

I have no knowledge about RNG implementation, but if these
useland changes are required after kernel RNG changes,
doesn't it mean implicit kernel API change?
It looks the root cause of these problems is that
new kernel RNG explicitly requires too much entropy.

---
Izumi Tsutsui

Follow-Ups:
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Thor Lancelot Simon

References:
- OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Thor Lancelot Simon

Prev by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Previous by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Indexes:

Home | Main Index | Thread Index | Old Index