tech-security archive
Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
>
> It looks like the root cause of these problems is that
> the new kernel RNG explicitly requires too much entropy.
Uh, no. With DEBUG turned on, the new kernel RNG *tells you* when
you run out of entropy. The old one didn't.
The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
half a dozen times per connection. It's certainly not the fault of
the new code that the old code did not inform anyone of the problem.
Thor