On Tue, 17 Dec 2002, Hubert Chan wrote: > Philip> 2. Does ssh only use urandom once, that is to generate keys while it > is > Philip> configuring? Again I have assumed yes. > > I don't think the public/private key (i.e. host key) generation is much > of an issue, since one should be able to generate these on a different > machine with a good random number source, and copy them over. > > But ssh needs to generate a session key. Since public key crypto is > slower than symmetric crypto, ssh only uses the host key to send a > session key, which is used to do symmetric crypto. I don't know the > *exact* details, but that's the general idea, and it's used in pretty > much all public key crypto systems, or at least in the ones made by > people who know what they're doing.
Thanks. Helpful. Phil. -- Philip Charles; 39a Paterson Street, Abbotsford, Dunedin, New Zealand +64 3 488 2818 Fax +64 3 488 2875 Mobile 025 267 9420 [EMAIL PROTECTED] - preferred. [EMAIL PROTECTED] I sell GNU/Linux & GNU/Hurd CDs. See http://www.copyleft.co.nz