tech-crypto archive


Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption



tls@ wrote:

> On Sun, Mar 04, 2012 at 01:50:33PM +0900, Izumi Tsutsui wrote:
> > tls@ wrote:
> > 
> > > On Sun, Mar 04, 2012 at 01:26:40PM +0900, Izumi Tsutsui wrote:
> > > > 
> > > > It looks like the root cause of these problems is that
> > > > new kernel RNG explicitly requires too much entropy.
> > > 
> > > Uh, no.  With DEBUG turned on, the new kernel RNG *tells you* when
> > > you run out of entropy.  The old one didn't.
> > > 
> > > The way OpenSSH uses OpenSSL, it was drawing 32 bytes from /dev/urandom
> > > half a dozen times per connection.  It's certainly not the fault of
> > > the new code that the old code did not inform anyone of the problem.
> > 
> > Then what about other OSes, like OpenBSD and FreeBSD etc?
> >
> > If only NetBSD's RNG implementation requires these OpenSSH/OpenSSL
> > changes, I'm afraid upstream says it's an OS specific bug and they
> > will reject these large changes.
> 
> I'm not sure what you mean by "requires".  Our RNG implementation is
> conservative enough to warn about the extreme entropy consumption;
> that does not mean the extreme entropy consumption does not happen on
> other operating systems, but rather that they do not tell you about it!
> 
> Using less entropy while providing better security cannot possibly be
> a bad thing, no matter what platform you're on.

Then isn't it better to propose these changes to upstream first?

> And, by the way, what "large changes"?  The patch is 6 kilobytes as a
> unidiff.

I'm afraid maintaining 6KB diffs in the src/external tree
would be annoying in future imports.

---
Izumi Tsutsui

