tech-crypto@netbsd.org
[Top] [All Lists]

Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Thor Lancelot Simon
Date: Sat, 3 Mar 2012 23:30:16 -0500
On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> 
> It looks the root cause of these problems is that
> new kernel RNG explicitly requires too much entropy.

Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
you run out of entropy.  The old one didn't.

The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
half a dozen times per connection.  It's certainly not the fault of
the new code that the old code did not inform anyone of the problem.

Thor

<Prev in Thread] Current Thread [Next in Thread>