Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

To: tls%panix.com@localhost
Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Date: Sun, 4 Mar 2012 13:50:33 +0900

tls@ wrote:

> On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> > 
> > It looks the root cause of these problems is that
> > new kernel RNG explicitly requires too much entropy.
> 
> Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
> you run out of entropy.  The old one didn't.
> 
> The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
> half a dozen times per connection.  It's certainly not the fault of
> the new code that the old code did not inform anyone of the problem.

Then what about other OSes, like OpenBSD and FreeBSD etc?

If only NetBSD's RNG implementation requires these OpenSSH/OpenSSL
chagnes, I'm afraid upstream says it's OS specific bug and they
will reject these large changes.

---
Izumi Tsutsui

Follow-Ups:
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Thor Lancelot Simon

References:
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Thor Lancelot Simon

Prev by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Previous by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Indexes:

Home | Main Index | Thread Index | Old Index