Date: Thu, 18 Sep 2003 17:56:59 -0700 (PDT)
From: Roger Marquis
To: freebsd-security@freebsd.org
In-Reply-To: <20030919001951.GD2720@saboteur.dek.spc.org>
References: <20030918192135.744AADACAF@mx7.roble.com> <20030918231811.GE527@silverwraith.com> <20030919001951.GD2720@saboteur.dek.spc.org>
Message-Id: <20030919005659.4B5A7DACBD@mx7.roble.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
List-Id: Security issues [members-only posting]

Bruce M Simpson wrote:
> When you run out of inetd to service a single connection, you have to
> generate a new ephemeral key for every ssh instance. This is a needless
> waste of precious entropy from /dev/random.

It takes all of 2 seconds to generate a ssh 2 new session on a 500MHz
cpu (causing less than 20% utilization). Considering that 99% of even
the most heavily loaded servers have more than enough cpu for this task
I don't really see it as an issue.

Also, by generating a different key for each session you get better
entropy, which makes for better encryption, especially when you consider
that the keys for one session are useless when attempting to decrypt
other sessions. For this reason alone it's better to run sshd out of
inetd.

> I think running sshd out of inetd is a very bad idea indeed, unless
> Mr Marquis is willing to stay in my datacenter and hammer the keys like
> a monkey all day, but even then that might be a poor source of entropy.

I've been using inetd+ssh since 1995, in dozens of data centers, across
hundreds of hosts, and millions of sessions without a single problem.

I wonder what Bruce Schneier would think of Mr. Simpson's understanding
of cryptography?

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/