Environment: hppa-next-nextstep3
Problem:
openssh ./configure needs a working prngd
prngd needs libopenbsd-compat
libopenbsd-compat is part of opens
So this is a chicken-and-egg problem.
Suggested solutions:
- provide libopenbsd-compat as a standalone project outside of openssh
- or: add an option to configure: --without-prngd-check
- or: provide a builtin solution that does not rely on prngd
I did follow the recent news -- getting good random numbers is really hard.
But maybe for a fallback, a Mersenne Twister initialized with some timestamp,
put in a ps auxw of the day as a seed, and that should be hard enough to
reproduce (you know better than me)
C’mon, I’m trying to get a modern ssl/ssh up for such an old nextstep3 machine.
That OS is not secure anyway.
Or to put it another way: If openssh relies on a good source of randomness
(even in configure)
then this trust should not be put to some other projects,
but actually providing good random numbers should be part of the
openssh/openssl codebase itself.
Or better then, let’s build openrandom aka librandom.
This should be built into openssh/openssl and not rely on a not trusted outside
randomness service.
To my belief there must be some randomness in every computer here and there,
but I’m not an expert there.
For those ones seeking real randomness,
you might want to add --with-random-random
But then again, I’m just trying to compile this on a 20-year-old operating
system.
BTW: compiling OpenSSL just worked like a charm, all tests passed
(predictably -- until it needed some randomness)
BTW: is there some code out there to check for randomness?
Obviously no program out there can ever prove randomness.
Just kidding.
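
On the closing question about code that checks for randomness, here is an added example (not part of the original message and not OpenSSH or OpenSSL code): a frequency (monobit) check in the style of NIST SP 800-22. It shows that such a test can reject biased output but accepts a fully predictable counter, so passing it says nothing about unpredictability. The function names and both sample buffers are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Signed bit balance S: +1 for every 1 bit, -1 for every 0 bit. */
long bit_balance(const uint8_t *buf, size_t len)
{
    long s = 0;
    for (size_t i = 0; i < len; i++)
        for (int b = 0; b < 8; b++)
            s += ((buf[i] >> b) & 1) ? 1 : -1;
    return s;
}

/* Monobit check: for unbiased bits S*S/n is chi-square with 1 degree of
 * freedom, so S*S <= 6.635*n is the p >= 0.01 acceptance rule (rounded).
 * Returns 1 for "no bias detected", 0 for "biased" or empty input. */
int monobit_pass(const uint8_t *buf, size_t len)
{
    double s = (double)bit_balance(buf, len);
    return len > 0 && s * s <= 6.635 * 8.0 * (double)len;
}

/* Constructed sample 1: a plain counter, fully predictable. */
void counter_fill(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)i;
}

/* Constructed sample 2: every byte is 0xEE (six 1 bits, two 0 bits). */
void biased_fill(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) buf[i] = 0xEE;
}

int main(int argc, char **argv)
{
    static uint8_t buf[4096];
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (f) { /* optional: check the first 4096 bytes of a sample file */
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        printf("file: S=%ld pass=%d\n", bit_balance(buf, n), monobit_pass(buf, n));
        return 0;
    }
    counter_fill(buf, sizeof buf);
    printf("counter: S=%ld pass=%d\n", bit_balance(buf, sizeof buf), monobit_pass(buf, sizeof buf));
    biased_fill(buf, sizeof buf);
    printf("biased: S=%ld pass=%d\n", bit_balance(buf, sizeof buf), monobit_pass(buf, sizeof buf));
    return 0;
}
```

Run with a file name to check captured generator output instead of the built-in samples.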