[ale] random numbers on different operating systems [was: Re: Best kind of ssh key]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Sep 25 14:50:01 EDT 2007
On Tue 2007-09-25 13:57:53 -0400, Jeff Lightner wrote:
> I'll have to say that I think it isn't really a good point. While
> PuTTY does run on Windoze it is not built by M$ and any issues it
> would have of the nature discussed would be the fault of the folks
> that wrote it.
Depending on the selected source of randomness, this might or might
not be true. Most modern operating systems provide a standard way to
get access to high-entropy data (the Linux kernel provides /dev/random
for hardware-level random numbers, and /dev/urandom for non-blocking
pseudo-random numbers, for example). I'm sure that among those OSes
which provide such an entropy source as a system service, the quality
of implementation varies.
I have no idea how putty gets its randomness, but if windows offers a
system-level random number bucket, it would be reasonable for PuTTY to
generate its random numbers that way. If there was later discovered
to be a flaw in the Windows RNG (whatever that is), i'd be hard
pressed to say it was a fault of the PuTTY implementors, just as i'd
be hard pressed to fault an openSSH implementation for a failure of
/dev/{u,}random on a Linux system.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
More information about the Ale
mailing list