I've been profiling our SSH plugin:
https://gitlab.com/nbdkit/nbdkit/-/tree/master/plugins/ssh
http://oirase.annexia.org/tmp/ssh_get_random.svg
One observation is it seems to spend a lot of time in ssh_get_random;
something like a third of the time in sftp_packet_write is spent
there. Is there an
Hi Rich,
I'm a bit surprised that it's taking so much resource. It's probably
because it's rehashing the whole entropy pool every time we read it.
packet_send uses random input in the padding field. I'm not sure that
simply using zeroes would be fine, but we certainly don't need very high
qua
On Fri, Feb 19, 2021 at 06:37:05PM +0100, Aris Adamantiadis wrote:
> Hi Rich,
>
> I'm a bit surprised that it's taking so much resource. It's probably
> because it's rehashing the whole entropy pool every time we read it.
> packet_send uses random input in the padding field. I'm not sure
> that si
On Friday, 19 February 2021 19:35:16 CET Richard W.M. Jones wrote:
> Hmm, I don't *think* so, although I'm not certain I would know
> how to tell this.
Hi Rich,
I don't think that you run in FIPS mode. On Fedora we have:
fips-mode-setup --check
Andreas
On Sat, Feb 20, 2021 at 07:34:12PM +0100, Andreas Schneider wrote:
> On Friday, 19 February 2021 19:35:16 CET Richard W.M. Jones wrote:
> > Hmm, I don't *think* so, although I'm not certain I would know
> > how to tell this.
>
> Hi Rich,
>
> I don't think that you run in FIPS mode. On Fedora we h