* [Thomas Bushnell, BSG]
Ssh should provide a non-cryptographically secure mode (such as using
hashes of the low time bits, for example) for use on systems without a
real random bit source.
I believe it does even better, and provides a mode where it hashes the
output of ps aux and suchlike.
Philip a écrit :
2. Does ssh only use urandom once, that is to generate keys while it is
configuring? Again I have assumed yes.
ssh-keygen uses /dev/random to generate keys.
ssh and sshd uses /dev/urandom when they need weak random bits, like for
creating the temporary symetric key. At
On Tue, 17 Dec 2002 13:36:21 +0100, Gaël Le Mignot said:
And /dev/urandom is not really done for cryptographic secure randomness,
it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses
That is not really true. The common implementations of /dev/[u]random
for *BSD and Linux
Werner a écrit :
On Tue, 17 Dec 2002 13:36:21 +0100, Gaël Le Mignot said:
And /dev/urandom is not really done for cryptographic secure randomness,
it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses
That is not really true. The common implementations of
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
On Wed, Dec 18, 2002 at 11:58:52AM +0100, Gaël Le Mignot wrote:
Werner a écrit :
On Tue, 17 Dec 2002 13:36:21 +0100, Gaël Le Mignot said:
And /dev/urandom is not really done for cryptographic secure randomness,
it's the goal of /dev/random, not /dev/urandom (and AFAIK ssh only uses
On Tue, Dec 17, 2002 at 08:59:37PM +0100, Moritz Schulte wrote:
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:
Why do you think it would necessarily be too slow?
Well, of course it creates `some' overhead, since it is another layer
on top of the real filesystem, through which path
On Wed, 18 Dec 2002 11:58:52 +0100, Gaël Le Mignot said:
This is the current implementation, yes, but /dev/urandom doesn't guarantee
anything about the quality of the random bits. It can be secure, but it
It does. It even blocks (well, I checked years ago) as long as the
entropy pools has
[EMAIL PROTECTED] (Gaël Le Mignot) writes:
This is the current implementation, yes, but /dev/urandom doesn't guarantee
anything about the quality of the random bits. It can be secure, but it
can be pseudo-random too, and any program that use /dev/urandom as a secure
source of random bits is
Alfred M. Szmidt [EMAIL PROTECTED] writes:
Why do I feel like repeating this old mantra: Bad security is worse
than no security.
Sez you. Many disagree. Especially for a system in development, with
already has bad security.
Alfred M. Szmidt [EMAIL PROTECTED] writes:
Ssh should provide a non-cryptographically secure mode (such as
using hashes of the low time bits, for example) for use on systems
without a real random bit source.
What Open SSH should do and not do, should be discussed on the Open
SSH
Why do I feel like repeating this old mantra: Bad security is worse
than no security.
Sez you. Many disagree. Especially for a system in development, with
already has bad security.
Fine, would you like to work on this? Or do you purpose to worse the
already bad security?
Folks,
could you just use debian-hurd@lists.debian.org when replying?
ie you don't have to add my name (or other people) in the Bcc:
We are all subscribers of the list.
I've been getting multiple copies. Once or twice is ok, but
too many of them is annoying :(
[ps: I am not the admin of this
On Wed, Dec 18, 2002 at 12:54:17AM +0100, Ga?l Le Mignot wrote:
No, we should use a random translator, which, at least, provide uniform
numbers, and differents number on successive reads.
I have not heard argument(s) against this.
Has anybody looked at kilobug's (Ga?l Le Mignot) random
On Thu, Dec 19, 2002 at 03:53:13AM +0700, Budi Rahardjo wrote:
could you just use debian-hurd@lists.debian.org when replying?
ie you don't have to add my name (or other people) in the Bcc:
We are all subscribers of the list.
I've been getting multiple copies. Once or twice is ok, but
too
On Tue, Dec 17, 2002 at 02:30:21PM -0800, Jeff Bailey wrote:
On Wed, Dec 18, 2002 at 05:24:40AM +0700, Budi Rahardjo wrote:
PS: is there anybody working on sendmail package? it compiles clean
under GNU/Hurd.
Last I checked there were several dependencies that did not compile
cleanly. =(
On Thu, Dec 19, 2002 at 04:05:43AM +0700, Budi Rahardjo wrote:
Would it be better to have (startup) script that reads
/etc/network/interfaces and then calls pfinet to set the IP?
This will be a requirement for the Debian port of the Hurd. Much of the
work is done thanks to the work Marcus did
* [Jeff Bailey]
Hmm - I wish there was some easy way of knowing when to do this or not -
There is. It's called the Mail-Followup-To header, and it's supported
by an ever increasing number of MUAs (including newer Mutt and Gnus).
For a short intro/rant by the ever cuddly DJB:
URL:
Why do I feel like repeating this old mantra: Bad security is worse
than no security.
Sez you. Many disagree. Especially for a system in development, with
already has bad security.
I think that we can all accept that there are currently a variety of
security holes in the Hurd. The type
On Wed, Dec 18, 2002 at 01:12:16PM -0800, Jeff Bailey wrote:
On Thu, Dec 19, 2002 at 04:05:43AM +0700, Budi Rahardjo wrote:
Would it be better to have (startup) script that reads
/etc/network/interfaces and then calls pfinet to set the IP?
This will be a requirement for the Debian port
On Wed, Dec 18, 2002 at 10:45:14PM +0100, Marcus Brinkmann wrote:
Debian never was ported to a system that embeds
such information directly into the filesystem, so it is no wonder that it
doesn't support that right now, but it is clearly superior to setting it at
every boot (reducing start up
Why do I feel like repeating this old mantra: Bad security is worse
than no security.
which one would you prefer?
telnet or ssh (with weak encryption)
-- budi
--
http://budi.insan.co.id
hurd:~/src/tcpdump-3.7.1# ./tcpdump -i eth0
tcpdump: live packet capture not supported on this system
any pointers? explanation?
-- budi
--
http://budi.insan.co.id
23 matches
Mail list logo