tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption



On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> 
> It looks the root cause of these problems is that
> new kernel RNG explicitly requires too much entropy.

Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
you run out of entropy.  The old one didn't.

The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
half a dozen times per connection.  It's certainly not the fault of
the new code that the old code did not inform anyone of the problem.

Thor


Home | Main Index | Thread Index | Old Index