Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

To: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sat, 3 Mar 2012 23:30:16 -0500

On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> 
> It looks the root cause of these problems is that
> new kernel RNG explicitly requires too much entropy.

Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
you run out of entropy.  The old one didn't.

The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
half a dozen times per connection.  It's certainly not the fault of
the new code that the old code did not inform anyone of the problem.

Thor

Follow-Ups:
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Izumi Tsutsui

References:
- OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Thor Lancelot Simon
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Izumi Tsutsui

Prev by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Previous by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Indexes:

Home | Main Index | Thread Index | Old Index