tech-crypto@netbsd.org
[Top] [All Lists]

Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Izumi Tsutsui
Date: Sun, 4 Mar 2012 13:26:40 +0900
tls@ wrote:

> When applied along with revisions 1.10 and 1.11 of libc/gen/arc4random.c,
> these patches should stop the excessive entropy consumption observed with
> OpenSSH on current and NetBSD 6-branch systems.
> 
> I note that the cause of the problem is complex and somewhat amusing.
> 
> Let's start from this question: why on earth are there calls to
> arc4random_stir() in unexpected places all over the OpenSSH sources?

I have no knowledge about RNG implementation, but if these
useland changes are required after kernel RNG changes,
doesn't it mean implicit kernel API change?
It looks the root cause of these problems is that
new kernel RNG explicitly requires too much entropy.

---
Izumi Tsutsui

<Prev in Thread] Current Thread [Next in Thread>