tomaswolf commented on issue #642: URL: https://github.com/apache/mina-sshd/issues/642#issuecomment-2552971108
As for PEBCAK, the question is between _which_ chair and _whose_ keyboard :-). Guess both are mine. Sorry about that. I should have known about that potential problem, but somehow I had assumed that switching to a strong RNG was fine after I saw no detrimental effects either locally or in CI.

I think the correct way forward is to revert that commit, and then enhance the random thing in Apache MINA sshd such that strong and "normal" RNGs can be configured separately. Most uses of the RNG don't have to use a strong RNG, but wherever the RNG is used to derive a key (for instance in the KEMs), using a strong RNG might make sense. In particular, in `encode()` I don't think a strong RNG is needed; message padding or the KEX cookie should both be fine using a normal RNG.