tech-security archive
Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
tls@ wrote:
> On Sun, Mar 04, 2012 at 01:50:33PM +0900, Izumi Tsutsui wrote:
> > tls@ wrote:
> >
> > > On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> > > >
> > > > It looks like the root cause of these problems is that
> > > > new kernel RNG explicitly requires too much entropy.
> > >
> > > Uh, no. With DEBUG turned on, the new kernel RNG *tells you* when
> > > you run out of entropy. The old one didn't.
> > >
> > > The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
> > > half a dozen times per connection. It's certainly not the fault of
> > > the new code that the old code did not inform anyone of the problem.
> >
> > Then what about other OSes, like OpenBSD and FreeBSD etc?
> >
> > If only NetBSD's RNG implementation requires these OpenSSH/OpenSSL
> > changes, I'm afraid upstream says it's OS specific bug and they
> > will reject these large changes.
>
> I'm not sure what you mean by "requires". Our RNG implementation is
> conservative enough to warn about the extreme entropy consumption;
> that does not mean the extreme entropy consumption does not happen on
> other operating systems, but rather that they do not tell you about it!
>
> Using less entropy while providing better security cannot possibly be
> a bad thing, no matter what platform you're on.
Then isn't it better to ask upstream for these changes first?
> And, by the way, what "large changes"? The patch is 6 kilobytes as a
> unidiff.
I'm afraid maintaining 6KB diffs in src/external tree
would be annoying in future imports.
---
Izumi Tsutsui