[19250] in bugtraq
Re: Bad PRNGs revisted in FreSSH
daemon@ATHENA.MIT.EDU (Andrew Brown)
Thu Feb 15 21:58:44 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Errors-To: owner-bugtraq@SECURITYFOCUS.COM
Message-Id: <20010215190021.A29043@noc.untraceable.net>
Date: Thu, 15 Feb 2001 19:00:21 -0500
Reply-To: bugtraq@SECURITYFOCUS.COM
From: Andrew Brown <atatat@ATATDOT.NET>
X-To: Damien Miller <djm@MINDROT.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0102151425070.3622-100000@mothra.mindrot.org>;
from djm@MINDROT.ORG on Thu, Feb 15, 2001 at 02:44:59PM +1100
>> * it doesn't _quite_ degenerate to just the code
>> you pasted above; several timings are mixed in,
>> not just at seed time but over the course of the
>> daemon's run.
>
>Have you estimated the total entropy supplied by this seeding activity? It
>needs to be (at the very least) greater than the entropy consumed in
>generating

you're almost comparing apples to oranges here.

>1) long term server keys

these are usually generated one time: when the software is installed.

>2) 'ephemeral' server RSA keys

this is the use of the entropy that most people are probably concerned
with these days, although these are *typically* generated only once an
hour.

>3) session keys

these are generated by the client. they should have their own sources
of entropy, the use of which should not affect the server.

and you missed 4) cookies

the server sends these to the client to (attempt to) defend against
tcp hijacking or ip spoofing.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
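The entropy accounting the two posters argue about (bits supplied by timing measurements versus bits consumed by host keys, hourly ephemeral keys and per-connection cookies) can be made concrete. The following is an added example, not FreSSH code and not anything from either poster. The timing deltas are constructed, the bit costs per consumer are assumed defaults passed as parameters, and the per-sample credit uses the most-common-value min-entropy bound rather than Shannon entropy, which is the conservative choice when the samples are not independent.

```python
"""Entropy budget for a daemon that seeds its PRNG from timings.

Added example for the thread above; it is not FreSSH or any SSH
implementation's code. Assumptions (not from the thread): timing samples
are integer clock deltas, each consumer is credited a fixed number of
bits, and a sample's entropy credit is its min-entropy, -log2(p_max).
"""
import math
from collections import Counter

# Constructed timing deltas (think microseconds between events), not a
# real measurement. A coarse clock and regular traffic make the values
# bunch up, which is exactly what starves a pool fed only by timings.
CONSTRUCTED_TIMINGS = [
    1000, 1000, 1002, 1000, 1001, 1000, 1003, 1000,
    1002, 1000, 1001, 1004, 1001, 1000, 1002, 1000,
]


def min_entropy_per_sample(samples):
    """Most-common-value bound: -log2(p_max). Empty input credits 0 bits."""
    if not samples:
        return 0.0
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)


def shannon_entropy_per_sample(samples):
    """Shannon entropy of the sample distribution, for comparison only.
    It is never below the min-entropy and overstates what an attacker
    who guesses the most likely value has to work through."""
    n = len(samples)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())


def entropy_consumed(hours, connections_per_hour,
                     host_key_bits=128, ephemeral_key_bits=128,
                     cookie_bits=64):
    """Bits the server side spends over `hours` of uptime.

    Follows the thread's breakdown: one long-term host key at install,
    one ephemeral key per hour, one anti-hijack cookie per connection.
    Session keys are left out because the client generates them.
    The default bit costs are assumptions, not protocol constants."""
    ephemeral = hours * ephemeral_key_bits
    cookies = hours * connections_per_hour * cookie_bits
    return host_key_bits + ephemeral + cookies


def entropy_supplied(samples, sample_count=None):
    """Bits credited for `sample_count` timings (default: len(samples)),
    extrapolating the per-sample min-entropy seen in `samples`."""
    n = len(samples) if sample_count is None else sample_count
    return min_entropy_per_sample(samples) * n


def budget(samples, hours, connections_per_hour, samples_per_hour,
           **consumer_bits):
    """Compare supply against demand for a projected run."""
    supplied = entropy_supplied(samples, sample_count=hours * samples_per_hour)
    consumed = entropy_consumed(hours, connections_per_hour, **consumer_bits)
    return {
        "supplied_bits": supplied,
        "consumed_bits": consumed,
        "deficit_bits": max(0.0, consumed - supplied),
        "ok": supplied >= consumed,
    }


if __name__ == "__main__":
    print("min-entropy/sample:", min_entropy_per_sample(CONSTRUCTED_TIMINGS))
    print("shannon/sample:    ", shannon_entropy_per_sample(CONSTRUCTED_TIMINGS))
    # One day, ten connections an hour, one timing every ten seconds.
    print(budget(CONSTRUCTED_TIMINGS, hours=24, connections_per_hour=10,
                 samples_per_hour=360))
```

With the constructed data each timing is worth one bit under the min-entropy bound (the most common delta occurs half the time) even though the Shannon figure is close to two bits, and a day of one-sample-per-ten-seconds collection falls well short of what hourly ephemeral keys plus per-connection cookies draw. Changing `samples_per_hour` or the assumed bit costs shows where the balance tips, which is the estimate the thread asks for.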