Mercurial > dropbear
comparison options.h @ 687:167fdc091c05
Improve RNG seeding.
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 29 Jun 2012 23:19:43 +0800 |
| parents | 63f8d6c469cf |
| children | c58a15983808 |
comparison
equal
deleted
inserted
replaced
| 683:63f8d6c469cf | 687:167fdc091c05 |
|---|---|
| 202 * specified in the SSH_ASKPASS environment variable, and dbclient | 202 * specified in the SSH_ASKPASS environment variable, and dbclient |
| 203 * should be run with DISPLAY set and no tty. The program should | 203 * should be run with DISPLAY set and no tty. The program should |
| 204 * return the password on standard output */ | 204 * return the password on standard output */ |
| 205 /*#define ENABLE_CLI_ASKPASS_HELPER*/ | 205 /*#define ENABLE_CLI_ASKPASS_HELPER*/ |
| 206 | 206 |
| 207 /* Random device to use - define either DROPBEAR_RANDOM_DEV or | 207 /* Source for randomness. This must be able to provide hundreds of bytes per SSH |
| 208 * DROPBEAR_PRNGD_SOCKET. | 208 * connection without blocking. In addition /dev/random is used for seeding |
| 209 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, | 209 * rsa/dss key generation */ |
| 210 * otherwise use run prngd (or egd if you want), specifying the socket. | 210 #define DROPBEAR_URANDOM_DEV "/dev/urandom" |
| 211 * The device will be queried for a few dozen bytes of seed a couple of times | 211 |
| 212 * per session (or more for very long-lived sessions). */ | 212 /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */ |
| 213 | |
| 214 /* We'll use /dev/urandom by default, since /dev/random is too much hassle. | |
| 215 * If system developers aren't keeping seeds between boots nor getting | |
| 216 * any entropy from somewhere it's their own fault. */ | |
| 217 #define DROPBEAR_RANDOM_DEV "/dev/urandom" | |
| 218 | |
| 219 /* prngd must be manually set up to produce output */ | |
| 220 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ | 213 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ |
| 214 | |
| 221 | 215 |
| 222 /* Specify the number of clients we will allow to be connected but | 216 /* Specify the number of clients we will allow to be connected but |
| 223 * not yet authenticated. After this limit, connections are rejected */ | 217 * not yet authenticated. After this limit, connections are rejected */ |
| 224 /* The first setting is per-IP, to avoid denial of service */ | 218 /* The first setting is per-IP, to avoid denial of service */ |
| 225 #ifndef MAX_UNAUTH_PER_IP | 219 #ifndef MAX_UNAUTH_PER_IP |