Re: PRNGD and ssh-rand-helper
From: Lutz Jaenicke (jaenicke_at_iee.TU-Berlin.DE)
Date: 05/28/03
Date: 28 May 2003 07:24:04 GMT
In article <f5fb93bc.0305270821.12b9c6b@posting.google.com>, Chad Johnson wrote:
>> Another way would be to modify the /etc/ssh/ssh_prng_cmds to only
>> query your prngd using a suitable application, e.g. egc.pl or prngt-ctl
>> (the former coming with egd, the latter coming with prngd).
>
> Could you please give an example of how to configure the
> /etc/ssh/ssh_prng_cmds files for the use of egc.pl. I have the line:
> "egc.pl /var/spool/prngd/pool read 255" /path/to/egc.pl "
>
> What value would you suggest for the rate? I do not understand how
> the 'rate' works in this file.
The rate value is the fraction of entropy you estimate to be in the output
of the command.
egc.pl will give you entropy from egd, having a quality of "1.0": all bits
are considered to be fully random. However: egc.pl will print out the bytes
it received in hex (you will get 530 characters back if you asked for 255
bytes), therefore 530bytes/255randombytes=0.5.
You shall therefore use a "rate" of 0.5.
(Minor correction: the output from egc.pl contains an additional fixed
informational part:
serv01 22: egc.pl /var/run/egd-pool read 255
got 255 bytes of entropy:
So you have to account for the additional "got 255 bytes of entropy: ", making
for another 26 bytes. I did not check whether there is a linefeed at the end
of the line, which would require another byte. Therefore the actual rate is
556/255... I would probably set 0.4 to be on the safe side.)
Best regards,
Lutz
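
Added example, not part of the original message: a way to measure the rate from captured command output instead of counting characters by hand, taking the rate as random bytes delivered divided by bytes printed and rounding down. The sample output, the two-hex-digits-per-byte encoding, the 0.85 safety margin and the function names are assumptions made for illustration; `/path/to/egc.pl` is the placeholder from the quoted question.

```python
import math
import re

# Constructed sample: the fixed prefix quoted in the message followed by
# 255 bytes rendered as two hex digits each (assumed encoding) and a newline.
SAMPLE_OUTPUT = "got 255 bytes of entropy: " + bytes(range(255)).hex() + "\n"


def estimate_rate(output: str, margin: float = 0.85) -> float:
    """Conservative ssh_prng_cmds rate for one run of the command.

    rate = random bytes delivered / total bytes printed, scaled by a
    safety margin (assumed value) and rounded DOWN to two decimals.
    """
    m = re.search(r"^got (\d+) bytes of entropy:(.*)$", output, re.DOTALL)
    if m is None:
        raise ValueError("output does not look like egc.pl 'read' output")
    claimed = int(m.group(1))
    # Count only what is really present: never credit more random bytes
    # than the hex payload can encode, even if the banner claims more.
    hex_digits = re.sub(r"[^0-9a-fA-F]", "", m.group(2))
    delivered = min(claimed, len(hex_digits) // 2)
    total = len(output.encode("ascii"))  # banner, hex text and linefeed
    if delivered == 0 or total == 0:
        raise ValueError("no entropy in output; do not list this command")
    return math.floor(delivered / total * margin * 100) / 100


def prng_cmds_line(cmdline: str, path: str, rate: float) -> str:
    """Format one entry: "command and args" /path/to/binary rate."""
    return f'"{cmdline}" {path} {rate:.2f}'


if __name__ == "__main__":
    rate = estimate_rate(SAMPLE_OUTPUT)
    print(prng_cmds_line("egc.pl /var/run/egd-pool read 255",
                         "/path/to/egc.pl", rate))
```

Run it against output captured on the target host, since the banner and encoding of the installed egc.pl determine the total length.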