Oystein Viggen <[EMAIL PROTECTED]> writes:

> Actually, I think I recognize some of the comments in that file from the
> Entropy Gathering Daemon, egd.pl, and I certainly recognize some of the
> examples (like getting a non-existent URL from lavarand :)

If so, they have probably looked at the cryptlib code; I haven't yet looked into egd.

> Wouldn't it be a good idea to make new versions of lsh able to speak to
> EGD and compatible daemons (unless of course they already do)? OpenSSH
> already has that option (--with-egd-pool= in configure).

It might be. The main reason I haven't done that is that I don't want the security of lsh to crucially depend on some other piece of code that I don't understand. So I first have to look at and understand egd and/or prngd, and I haven't taken the time to do that. (And it ought to be a runtime switch, with only the default specified at compile time.)

> Having some pre-buffered entropy seems to work much better than
> trying to generate it on the fly.

Another possibility is to save some state to a file .lsh/random_seed, like the original ssh did. Of course, such a file should be used in addition to any other randomness sources available.

> If you want to test prngd, you can find it here:
> http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

I'll put that on my TODO list.

/Niels
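To make the two points above concrete (speaking the EGD socket protocol, and treating a random_seed file as one input among several rather than the only one), here is an added example. It is not lsh, egd or prngd code. The client side uses the EGD wire protocol as egd.pl defines it: one command byte, 0x00 to ask for the entropy count (4-byte big-endian reply) and 0x02 for a blocking read of n bytes (n sent as one byte). The daemon side, start_mock_egd, is a constructed stand-in that serves a fixed pool so the exchange can be run offline; the seed-file domain tag and the reseed helper's name are my own choices, not anything from lsh.

```python
"""Minimal EGD-protocol client plus a seed-file mixer (added example, not lsh code)."""
import hashlib
import os
import socket
import struct
import tempfile
import threading

# EGD wire protocol (egd.pl / prngd): one command byte, then a command-specific
# payload. Only the two read commands are used here.
EGD_GET_COUNT = 0x00   # reply: 4-byte big-endian count of entropy bits available
EGD_READ_BLOCK = 0x02  # request: 1-byte n; reply: exactly n bytes (blocks until available)


def _recv_exact(sock, n):
    """Read exactly n bytes; a short read means the daemon broke the protocol."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD closed the socket early")
        buf += chunk
    return buf


def egd_entropy_count(path):
    """Ask the daemon at `path` how many bits it currently holds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(bytes([EGD_GET_COUNT]))
        return struct.unpack(">I", _recv_exact(s, 4))[0]


def egd_read_blocking(path, n):
    """Fetch n bytes (1..255, the length is a single byte on the wire)."""
    if not 0 < n <= 255:
        raise ValueError("EGD read length must fit in one byte")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(bytes([EGD_READ_BLOCK, n]))
        return _recv_exact(s, n)


def reseed(seed_path, egd_path, n=32):
    """Mix the old seed file, fresh EGD output and the OS RNG into a new seed.

    Hashing all inputs together means a weak or compromised source cannot make
    the result worse than the strongest remaining one, which is the point of
    using the seed file *in addition to* other sources rather than instead of them.
    """
    old = b""
    if os.path.exists(seed_path):
        with open(seed_path, "rb") as f:
            old = f.read()
    fresh = egd_read_blocking(egd_path, n)
    # "seed-file-v1" is an assumed domain tag, not an lsh format.
    new = hashlib.sha256(b"seed-file-v1" + old + fresh + os.urandom(n)).digest()
    tmp = seed_path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)  # owner-only
    with os.fdopen(fd, "wb") as f:
        f.write(new)
    os.replace(tmp, seed_path)  # atomic: never leave a truncated seed behind
    return new


def start_mock_egd(pool):
    """Constructed stand-in for egd/prngd: serves `pool` cyclically over a Unix socket."""
    path = os.path.join(tempfile.mkdtemp(), "entropy")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(5)
    state = {"off": 0}

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                cmd = conn.recv(1)
                if cmd == bytes([EGD_GET_COUNT]):
                    conn.sendall(struct.pack(">I", 8 * len(pool)))
                elif cmd == bytes([EGD_READ_BLOCK]):
                    n = _recv_exact(conn, 1)[0]
                    out = b""
                    while len(out) < n:  # wrap around so the mock never blocks
                        take = pool[state["off"]:state["off"] + n - len(out)]
                        out += take
                        state["off"] = (state["off"] + len(take)) % len(pool)
                    conn.sendall(out)

    threading.Thread(target=serve, daemon=True).start()
    return path


if __name__ == "__main__":
    egd = start_mock_egd(bytes(range(32)))
    print("bits available:", egd_entropy_count(egd))
    print("new seed:", reseed(egd + ".seed", egd).hex())
```

A real client would take the socket path from a runtime option with a compile-time default, and should treat a failed connect or a short reply as "no entropy from this source" rather than silently continuing with whatever it got.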

