There was some discussion recently about the Solaris /dev/random
support that can be downloaded from Sun's patch archive as part of
a patch to the Sun Web Server 1.0 product. The SUNWski package
is the interesting bit that purports to provide /dev/random.
It was noted that domestic and international versions of the patch
existed and that only the international (no encryption) version
was downloadable. Nobody stepped forward to verify that the
international version actually produced quality random data suitable
for using with strong encryption.
Well, I was bored, so I started rummaging in my pile of Solaris boxes.
In the Solaris 7 (11/99) server box, I found Sun Web Server 2.1, which
contains SUNWski. Although this is a newer version of the product,
it contains the same 1.0 version of the SUNWski package as does the
105710-01 patch.
I've installed both the version of SUNWski from my CD and the one
from the patch and computed checksums of all the files. They differ.
This could be due to trivial things like timestamps. Or, it could
be actual differences in the software. Without sources, who can tell?
I think I'm going to get my Solaris /dev/random support from the CD
Sun sent me, rather than from a possibly-crippled downloaded version.
If anybody knows that the SUNWski that's bundled with Sun Web Server
2.1 is not secure, or if anybody can convince me that egd.pl is
superior, I'm all ears. (Absolutely not criticising egd.pl here!
It's worked fine in my testing over the last day or so.)
Paul Allen
--
Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964
Unix Technical Support | paul.l.allen@boeing.com
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207
support that can be downloaded from Sun's patch archive as part of
a patch to the Sun Web Server 1.0 product. The SUNWski package
is the interesting bit that purports to provide /dev/random.
It was noted that domestic and international versions of the patch
existed and that only the international (no encryption) version
was downloadable. Nobody stepped forward to verify that the
international version actually produced quality random data suitable
for using with strong encryption.
Well, I was bored, so I started rummaging in my pile of Solaris boxes.
In the Solaris 7 (11/99) server box, I found Sun Web Server 2.1, which
contains SUNWski. Although this is a newer version of the product,
it contains the same 1.0 version of the SUNWski package as does the
105710-01 patch.
I've installed both the version of SUNWski from my CD and the one
from the patch and computed checksums of all the files. They differ.
This could be due to trivial things like timestamps. Or, it could
be actual differences in the software. Without sources, who can tell?
I think I'm going to get my Solaris /dev/random support from the CD
Sun sent me, rather than from a possibly-crippled downloaded version.
If anybody knows that the SUNWski that's bundled with Sun Web Server
2.1 is not secure, or if anybody can convince me that egd.pl is
superior, I'm all ears. (Absolutely not criticising egd.pl here!
It's worked fine in my testing over the last day or so.)
Paul Allen
--
Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964
Unix Technical Support | paul.l.allen@boeing.com
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207