[Lunar-bugs] [feature] OpenSSL and OpenSSH /dev/random
tchan
maintainer at lunar-linux.org
Thu Jul 22 16:47:58 GMT 2004
Project: lunar-linux
Version: <none>
Component: moonbase (modules)
Category: feature requests
Priority: minor
Assigned to:
Reported by: v3rt1g0
Updated by: tchan
Status: active
I would say NO to this request. It will not work in the general case as
/dev/random is ALWAYS provided by devfs and there is no simple way to
determine if /dev/random is a real device like it is on the Via C5XL
motherboard or just a pseudo device provided by devfs. If its a pseudo
device then you do NOT want to use it to generate anything related to
OPENSSH/SSL.
You can already regenerate your own SSH keys and make new SSL
certificates at anytime you so desire.
tchan
Previous comments:
------------------------------------------------------------------------
Thu, 07/22/2004 - 08:41 : v3rt1g0
Could we add an (optional) option to both openssh and openssl to make
use of /dev/random (hardware based random number generator)? It would
require the use of this text (DEVRANDOM="/dev/random" DEVRANDOM_EGD=""
(for make install)) for openssl and this text ( --without-rand-helper
(for ./configure)) for openssh.
Note: the OpenSSH option to use the hardware RNG requires you to have
told openssl to use the hardward RNG option from what I can tell.
more info here... http://peertech.org/hardware/viarng/C5RndApps.html
Thanx.
--
View: http://lunar-linux.org/?q=node/view/362
Edit: http://lunar-linux.org/?q=project/comments/add/362
More information about the Lunar-bugs
mailing list