tech-crypto@netbsd.org

Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Izumi Tsutsui
Date: Sun, 4 Mar 2012 13:50:33 +0900
tls@ wrote:

> On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> > 
> > It looks the root cause of these problems is that
> > new kernel RNG explicitly requires too much entropy.
> 
> Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
> you run out of entropy.  The old one didn't.
> 
> The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
> half a dozen times per connection.  It's certainly not the fault of
> the new code that the old code did not inform anyone of the problem.

Then what about other OSes, like OpenBSD and FreeBSD etc?

If only NetBSD's RNG implementation requires these OpenSSH/OpenSSL
changes, I'm afraid upstream says it's OS specific bug and they
will reject these large changes.

---
Izumi Tsutsui
