Oh, and note that OpenSSH Portable uses RAND_bytes from libssl to seed its arc4random implementation.
So AFAICT if you were to link OpenSSH Portable against LibreSSL Portable, it would get really crazy: /dev/urandom or sysctl or scary fallback -> LibreSSL Portable getentropy -> LibreSSL Portable arc4random.c (ChaCha-20) -> LibreSSL RAND_bytes -> OpenSSH Portable arc4random.c (ChaCha-20) -> OpenSSH with the stream cipher, seeding and stirring all happening twice. So I really like the idea of both getting an arc4random implementation from one place, such as libbsd. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
