diff --git a/openssh-6.2p1-entropy.patch b/openssh-6.2p1-entropy.patch
index 7b9faeb..4553422 100644
--- a/openssh-6.2p1-entropy.patch
+++ b/openssh-6.2p1-entropy.patch
@@ -71,11 +71,11 @@ diff -up openssh-6.2p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.2p1/op
 + int len;
 + char *env = getenv("SSH_USE_STRONG_RNG");
 + char *random = "/dev/random";
-+ size_t ienv, randlen = 6;
++ size_t ienv, randlen = 14;
 +
 + if (!env || !strcmp(env, "0"))
 + random = "/dev/urandom";
-+ else if ((ienv = atoi(env)) > 6)
++ else if ((ienv = atoi(env)) > randlen)
 + randlen = ienv;
 +
 + errno = 0;
@@ -98,7 +98,7 @@ diff -up openssh-6.2p1/ssh-add.0.entropy openssh-6.2p1/ssh-add.0
 + from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari-
 + able is set to value other than 0 the OpenSSL random generator is
 + reseeded from /dev/random. The number of bytes read is defined
-+ by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. This set-
++ by the SSH_USE_STRONG_RNG value. Minimum is 14 bytes. This set-
 + ting is not recommended on the computers without the hardware
 + random generator because insufficient entropy causes the connec-
 + tion to be blocked until enough entropy is available.
@@ -123,7 +123,7 @@ diff -up openssh-6.2p1/ssh-add.1.entropy openssh-6.2p1/ssh-add.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
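Review bot: In the port-linux-prng.c hunk, `(ienv = atoi(env)) > randlen` stores an `int` in a `size_t`, so a negative SSH_USE_STRONG_RNG value wraps to a huge count that passes the test and becomes `randlen`; a positive value has no upper bound either. If `randlen` is the byte count later read from /dev/random (the read, and the function's start and end, are outside this hunk), such a value could leave the process blocked for a very long time, which matters most where the environment is set by someone less trusted than the program's owner. I would parse with `long v = strtol(env, &end, 10);` and accept the value only under `if (end != env && *end == '\0' && v > (long)randlen && v <= MAX_RANDLEN) randlen = (size_t)v;`, where `MAX_RANDLEN` is a placeholder for a cap the project chooses. The local named `random` also shadows the libc `random()` function and would read better under another name such as `rng_path`.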
@@ -150,7 +150,7 @@ diff -up openssh-6.2p1/ssh-agent.1.entropy openssh-6.2p1/ssh-agent.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
@@ -178,7 +178,7 @@ diff -up openssh-6.2p1/sshd.8.entropy openssh-6.2p1/sshd.8
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
@@ -206,7 +206,7 @@ diff -up openssh-6.2p1/ssh-keygen.1.entropy openssh-6.2p1/ssh-keygen.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
@@ -234,7 +234,7 @@ diff -up openssh-6.2p1/ssh-keysign.8.entropy openssh-6.2p1/ssh-keysign.8
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
@@ -261,7 +261,7 @@ diff -up openssh-6.2p1/ssh.1.entropy openssh-6.2p1/ssh.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.