[19247] in bugtraq
Re: OS snobbery... (was Re: Bad PRNGs revisted in FreSSH)
daemon@ATHENA.MIT.EDU (Lars Hecking)
Thu Feb 15 20:15:34 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010215194509.A24607@nmrc.ie>
Date: Thu, 15 Feb 2001 19:45:09 +0000
Reply-To: Lars Hecking <lhecking@NMRC.IE>
From: Lars Hecking <lhecking@NMRC.IE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010214153301.A17143@rek.tjls.com>; from tls@REK.TJLS.COM on
Wed, Feb 14, 2001 at 03:33:01PM -0500
> Someone else stated elsewhere in this thread that NetBSD (one of
> the platforms used for FreSSH development, coincidentally) is an
> example of a current operating system without a /dev/random. That's
> actually false, and in point of fact, with the quick application of
> a Sun-provided patch you can even have a /dev/random on Solaris.
You are correct about NetBSD, but not Solaris. The random device
in SUNWski is part of the web server package in Solaris Server,
but that package was dropped in Solaris 8 in favour of Apache.
Also, it is not a "real", character device, it is a pipe. This
does seem to make a difference for some applications.
The only "real" random device for Solaris (2.5.1 through 8) is
Andi Maier's at http://www.cosy.sbg.ac.at/~andi/. While it seems
to work nicely, I am not aware that people have actually tested
the quality of this PRNG.
