Niels Möller wrote:
> The only potential problem I'm aware of is the randomness
> initialization; recent versions of lsh try to cope without
> /dev/urandom by executing some random commands (vmstat, netstat, ps,
> etc with various flags), and seed a prng (currently based on arcfour)
> from the output. See
> http://www.lysator.liu.se/~nisse/lsh/src/unix_random.c for the
> complete list, most of it is taken from Peter Gutmann's cryptlib.
Actually, I think I recognize some of the comments in that file from the Entropy Gathering Daemon, egd.pl, and I certainly recognize some of the examples (like getting a non-existent URL from lavarand :)

I already have an EGD compatible daemon, prngd, running on my system constantly feeding on vmstat, ps and the likes to gather randomness available from a socket, for programs that support it. Like /dev/urandom, prngd will continue to supply pseudo random data when it runs out of entropy.

Wouldn't it be a good idea to make new versions of lsh able to speak to EGD and compatible daemons (unless of course they already do)? OpenSSH already has that option (--with-egd-pool= in configure).

Having some pre-buffered entropy seems to work much better than trying to generate it on the fly. I tried to make OpenSSH use /etc/ssh/ssh_prng_cmds, which seems a similar approach as the one you describe for lsh, but it simply was not able to produce enough random data neither for key generation nor for simple client connections. Prngd worked wonderfully.

If you want to test prngd, you can find it here:
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

Oystein
--
ssh -c rot13 otherhost
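To make the two approaches discussed in this thread concrete (lsh-style seeding from command output, and an EGD/prngd-style daemon that hands out pool data over a socket), here is an added, self-contained example; it is not code from lsh, egd.pl, prngd or OpenSSH. The "command output" is a constructed stand-in for what vmstat or ps would print, the pool is a toy SHA-256 hash chain rather than either project's generator, and the EGD command bytes (0x00 entropy count, 0x01 non-blocking read, 0x02 blocking read, 0x03 write entropy, 0x04 PID) follow the EGD socket protocol as I understand it from the egd/prngd documentation. The entropy credit per command (1 bit per 64 bytes) is an assumption chosen to be conservative.

```python
import hashlib
import os
import socket
import struct
import threading

# EGD request bytes (framing as I read the egd.pl / prngd protocol; assumption)
EGD_GET_COUNT, EGD_READ_NONBLOCK, EGD_READ_BLOCK, EGD_WRITE, EGD_PID = 0, 1, 2, 3, 4

# Constructed stand-ins for the output of "vmstat" and "ps" (not real captures)
CONSTRUCTED_COMMAND_OUTPUT = [
    b"procs -----memory----- ---swap-- ---io--- -system- ----cpu----\n"
    b" 1  0  0 812340 40212 301244  0  0  3  1  41  77  2  1 97  0\n",
    b"  PID TTY          TIME CMD\n 1234 pts/0    00:00:00 bash\n",
]


class EntropyPool:
    """Toy prngd-style pool: stirs inputs into a hash chain and keeps producing
    output after the entropy estimate reaches zero (the /dev/urandom behaviour)."""

    def __init__(self):
        self.state = hashlib.sha256(b"constructed initial state").digest()
        self.entropy_bits = 0
        self.counter = 0

    def stir(self, data, bits):
        self.state = hashlib.sha256(self.state + data).digest()
        self.entropy_bits = min(self.entropy_bits + bits, 8 * 1024)

    def extract(self, n):
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
        self.entropy_bits = max(0, self.entropy_bits - 8 * n)
        # Ratchet the state so earlier output cannot be recomputed from a later state.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out[:n]


def gather(pool, outputs):
    """lsh/egd-style gathering: stir each command's output into the pool,
    crediting an assumed 1 bit of entropy per 64 bytes of output."""
    for data in outputs:
        pool.stir(data, bits=len(data) // 64)


def recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf


def serve(pool, conn):
    """Daemon side: answer EGD requests on conn until the client closes it."""
    while True:
        head = conn.recv(1)
        if not head:
            return
        cmd = head[0]
        if cmd == EGD_GET_COUNT:
            conn.sendall(struct.pack(">I", pool.entropy_bits))
        elif cmd == EGD_READ_NONBLOCK:
            n = recv_exact(conn, 1)[0]
            # This toy only hands out bytes backed by its entropy estimate here.
            data = pool.extract(min(n, pool.entropy_bits // 8))
            conn.sendall(bytes([len(data)]) + data)
        elif cmd == EGD_READ_BLOCK:
            n = recv_exact(conn, 1)[0]
            conn.sendall(pool.extract(n))  # never starves the caller, like prngd
        elif cmd == EGD_WRITE:
            bits = struct.unpack(">H", recv_exact(conn, 2))[0]
            length = recv_exact(conn, 1)[0]
            pool.stir(recv_exact(conn, length), bits)
        elif cmd == EGD_PID:
            pid = str(os.getpid()).encode()
            conn.sendall(bytes([len(pid)]) + pid)


# Client side: what an lsh or OpenSSH built with an EGD pool would send.
def egd_entropy_count(conn):
    conn.sendall(bytes([EGD_GET_COUNT]))
    return struct.unpack(">I", recv_exact(conn, 4))[0]


def egd_read_blocking(conn, n):
    conn.sendall(bytes([EGD_READ_BLOCK, n]))
    return recv_exact(conn, n)


def egd_read_nonblocking(conn, n):
    conn.sendall(bytes([EGD_READ_NONBLOCK, n]))
    return recv_exact(conn, recv_exact(conn, 1)[0])


def egd_pid(conn):
    conn.sendall(bytes([EGD_PID]))
    return recv_exact(conn, recv_exact(conn, 1)[0]).decode()


def run_session(outputs):
    """Full client/daemon exchange over an in-process socketpair; returns what the client saw."""
    pool = EntropyPool()
    gather(pool, outputs)
    client, server = socket.socketpair()
    worker = threading.Thread(target=serve, args=(pool, server))
    worker.start()
    try:
        return {
            "bits_before": egd_entropy_count(client),
            "nonblocking": egd_read_nonblocking(client, 32),
            "key_material": egd_read_blocking(client, 32),
            "bits_after": egd_entropy_count(client),
            "pid": egd_pid(client),
        }
    finally:
        client.close()
        worker.join()
        server.close()


if __name__ == "__main__":
    print(run_session(CONSTRUCTED_COMMAND_OUTPUT))
```

Running it shows the point of the thread in miniature: two commands' worth of output is credited with only a few bits, so the non-blocking read comes back empty while the blocking read still returns 32 bytes of PRNG output. It also shows the caveat behind Oystein's experience with ssh_prng_cmds: feed the pool the same command output twice and the "key material" is identical, so the quality of what comes out depends entirely on how unpredictable the gathered command output really was.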

