Mailing List Archive

Announce: Test release with random collection support
I have just uploaded a test release of portable openssh to
http://violet.ibs.com.au/openssh/files/test

This release includes some major changes picked up from OpenBSD CVS.

It also includes inbuilt random number gathering support which should
remove the need for EGD on systems that lack /dev/random.

This support is very preliminary. Please treat it as alpha and don't
use it on production systems. It may break, it may not be secure. You
have been warned.

The goal of this release is to get these large code changes tested.
Please send the output of "ssh -v" to the mailing list if your system
lacks /dev/random.

I am also interested in more random sources; please have a look
through entropy.c at the big table and see if you can suggest any that are
specific to your system.

Good random sources should return a moderate amount of very
unpredictable data and shouldn't take long to execute. Be wary of
commands that do implicit DNS lookups which can take ages to complete.

Looking forward to your feedback,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
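
An added illustration of the selection criteria in the announcement above (a source should be quick to run, and commands that stall on DNS lookups are a hazard); it is not code from entropy.c or from the OpenSSH project. `probe_source` and its interface are hypothetical: it runs a candidate command under a deadline and reports how many bytes it produced, so slow or silent commands can be rejected before they are proposed as sources.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical helper (name and interface are assumptions, not entropy.c's).
 * Runs cmd via /bin/sh, counting stdout bytes until EOF or timeout_ms.
 * Returns 0 if cmd finished in time, 1 if it was killed, -1 on error. */
int probe_source(const char *cmd, long timeout_ms, size_t *nbytes)
{
    int fds[2], timed_out = 0;
    struct timeval start, now, tv;
    char buf[4096];
    long left;
    ssize_t n;
    fd_set rd;
    pid_t pid;
    *nbytes = 0;
    if (pipe(fds) == -1) return -1;
    if ((pid = fork()) == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {              /* child: own process group, stdout -> pipe */
        setpgid(0, 0);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    setpgid(pid, pid);           /* repeated in the parent to avoid a race */
    close(fds[1]);
    gettimeofday(&start, NULL);
    for (;;) {
        gettimeofday(&now, NULL);
        left = timeout_ms - ((now.tv_sec - start.tv_sec) * 1000L +
                             (now.tv_usec - start.tv_usec) / 1000L);
        if (left <= 0) { timed_out = 1; break; }
        tv.tv_sec = left / 1000; tv.tv_usec = (left % 1000) * 1000;
        FD_ZERO(&rd); FD_SET(fds[0], &rd);
        if (select(fds[0] + 1, &rd, NULL, NULL, &tv) <= 0) continue;
        if ((n = read(fds[0], buf, sizeof(buf))) <= 0) break;  /* EOF */
        *nbytes += (size_t)n;
    }
    close(fds[0]);
    kill(-pid, SIGKILL);         /* stop the command and anything it spawned */
    waitpid(pid, NULL, 0);
    return timed_out;
}
```

The byte count is only an upper bound on what a source can contribute; how unpredictable that output is still has to be judged per command.
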
Re: Announce: Test release with random collection support
[On NeXT]

Ermm.. Where are RAND_add()/RAND_status() supposed to be defined?

I don't see them as part of the OpenSSL headers, nor part of the OpenSSH
package.

-- Compile Error --
[..]
cc -o ssh ssh.o sshconnect.o log-client.o readconf.o clientloop.o -L. -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lz -lcrypto
/bin/ld: Undefined symbols:
_RAND_add
_RAND_status
*** Exit 1
Stop.



On Mon, 3 Apr 2000, Damien Miller wrote:

>
> I have just uploaded a test release of portable openssh to
> http://violet.ibs.com.au/openssh/files/test
>
> This release includes some major changes picked up from OpenBSD CVS.
>
> It also includes inbuilt random number gathering support which should
> remove the need for EGD on systems that lack /dev/random.
>
> This support is very preliminary. Please treat it as alpha and don't
> use it on production systems. It may break, it may not be secure. You
> have been warned.
>
> The goal of this release is to get these large code changes tested.
> Please send the output of "ssh -v" to the mailing list if your system
> lacks /dev/random.
>
> I am also interested in more random sources; please have a look
> through entropy.c at the big table and see if you can suggest any that are
> specific to your system.
>
> Good random sources should return a moderate amount of very
> unpredictable data and shouldn't take long to execute. Be wary of
> commands that do implicit DNS lookups which can take ages to complete.
>
> Looking forward to your feedback,
> Damien Miller
>
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: Announce: Test release with random collection support
Ermm.. Never mind.. Thanks Brian Carrier. I was still running 0.9.4
on the next box.

Compiles and seems to work just fine.. Or at least as well as it did
before.

On Mon, 3 Apr 2000, Ben Lindstrom wrote:

> [On NeXT]
>
> Ermm.. Where are RAND_add()/RAND_status() supposed to be defined?
>
> I don't see them as part of the OpenSSL headers, nor part of the OpenSSH
> package.
>
> -- Compile Error --
> [..]
> cc -o ssh ssh.o sshconnect.o log-client.o readconf.o clientloop.o -L. -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lz -lcrypto
> /bin/ld: Undefined symbols:
> _RAND_add
> _RAND_status
> *** Exit 1
> Stop.
>
>
>
> On Mon, 3 Apr 2000, Damien Miller wrote:
>
> >
> > I have just uploaded a test release of portable openssh to
> > http://violet.ibs.com.au/openssh/files/test
> >
> > This release includes some major changes picked up from OpenBSD CVS.
> >
> > It also includes inbuilt random number gathering support which should
> > remove the need for EGD on systems that lack /dev/random.
> >
> > This support is very preliminary. Please treat it as alpha and don't
> > use it on production systems. It may break, it may not be secure. You
> > have been warned.
> >
> > The goal of this release is to get these large code changes tested.
> > Please send the output of "ssh -v" to the mailing list if your system
> > lacks /dev/random.
> >
> > I am also interested in more random sources; please have a look
> > through entropy.c at the big table and see if you can suggest any that are
> > specific to your system.
> >
> > Good random sources should return a moderate amount of very
> > unpredictable data and shouldn't take long to execute. Be wary of
> > commands that do implicit DNS lookups which can take ages to complete.
> >
> > Looking forward to your feedback,
> > Damien Miller
> >
> > --
> > | "Bombay is 250ms from New York in the new world order" - Alan Cox
> > | Damien Miller - http://www.mindrot.org/
> > | Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: Announce: Test release with random collection support
On Mon, 3 Apr 2000, Ben Lindstrom wrote:

> [On NeXT]
>
> Ermm.. Where are RAND_add()/RAND_status() supposed to be defined?
>
> I don't see them as part of the OpenSSL headers, nor part of the OpenSSH
> package.

I think that they are recent additions to the OpenSSL API.

<looks at OpenSSL header>

Somewhere between version 0.9.4a and 0.9.5.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)