Bugtraq mailing list archives
Re: Bad PRNGs revisted in FreSSH
From: Andrew Brown <atatat () ATATDOT NET>
Date: Thu, 15 Feb 2001 19:00:21 -0500
* it doesn't _quite_ degenerate to just the code you pasted above; several timings are mixed in, not just at seed time but over the course of the daemon's run.
Have you estimated the total entropy supplied by this seeding activity? It needs to be (at the very least) greater than the entropy consumed in generating
you're almost comparing apples to oranges here.
1) long term server keys
these are usually generated one time: when the software is installed.
2) 'ephemeral' server RSA keys
this is the use of the entropy that most people are probably concerned with these days, although these are *typically* generated only once an hour.
3) session keys
these are generated by the client. they should have their own sources of entropy, the use of which should not affect the server.
and you missed
4) cookies
the server sends these to the client to (attempt to) defend against tcp hijacking or ip spoofing.
--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org * "ah! i see you have the internet
twofsonet () graffiti com (Andrew Brown) that goes *ping*!"
andrew () crossbar com * "information is power -- share the wealth."