[Lunar-bugs] [feature] OpenSSL and OpenSSH /dev/random

tchan maintainer at lunar-linux.org
Thu Jul 22 16:47:58 GMT 2004


 Project:      lunar-linux
 Version:      <none>
 Component:    moonbase (modules)
 Category:     feature requests
 Priority:     minor
 Assigned to:  
 Reported by:  v3rt1g0
 Updated by:   tchan
 Status:       active

I would say NO to this request.  It will not work in the general case as
/dev/random is ALWAYS provided by devfs and there is no simple way to
determine if /dev/random is a real device like it is on the Via C5XL
motherboard or just a pseudo device provided by devfs.  If it's a pseudo
device then you do NOT want to use it to generate anything related to
OPENSSH/SSL.

You can already regenerate your own SSH keys and make new SSL
certificates at any time you so desire.

tchan



Previous comments:
------------------------------------------------------------------------

Thu, 07/22/2004 - 08:41 : v3rt1g0

Could we add an (optional) option to both openssh and openssl to make
use of /dev/random (hardware based random number generator)?  It would
require the use of this text (DEVRANDOM="/dev/random" DEVRANDOM_EGD=""
(for make install)) for openssl and this text (--without-rand-helper
(for ./configure)) for openssh.  

Note: the OpenSSH option to use the hardware RNG requires you to have
told openssl to use the hardware RNG option from what I can tell.

more info here... http://peertech.org/hardware/viarng/C5RndApps.html

Thanx.

-- 
View: http://lunar-linux.org/?q=node/view/362



