tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
tls@ wrote:
> When applied along with revisions 1.10 and 1.11 of libc/gen/arc4random.c,
> these patches should stop the excessive entropy consumption observed with
> OpenSSH on current and NetBSD 6-branch systems.
>
> I note that the cause of the problem is complex and somewhat amusing.
>
> Let's start from this question: why on earth are there calls to
> arc4random_stir() in unexpected places all over the OpenSSH sources?
I have no knowledge about RNG implementation, but if these
useland changes are required after kernel RNG changes,
doesn't it mean implicit kernel API change?
It looks the root cause of these problems is that
new kernel RNG explicitly requires too much entropy.
---
Izumi Tsutsui
Home |
Main Index |
Thread Index |
Old Index