offline keygeneration
Prasad
ndprasad at gmail.com
Thu Sep 28 09:57:50 WST 2006
>
> In a general purpose system it would probably be best to
> avoid writing keys to disk, but in an embedded system it
> probably mightn't matter so much (it's a ramdisk anyway?).
> It'll depend on your application.
I am writing it in /var/tmp, which is a ramdisk, so it is not a problem.
>
> I'll have a think about a way that Dropbear could do this by
> default - if the listening process could generate keys while
> waiting for new connections, but break out upon a client
> connecting, that would be quite handy.
I am not sure how this might scale for an inetd-based system. In that
case, we need to have a separate task, as I said, to achieve this.
>
> You don't need to call reseedrandom() or crypto_init(), that
> should be fine I think.
>
> > 4) It also fails few times with this method (need to investigate why)
>
> No idea there.
I am still unsuccessful in making the offline keycreate task stable
along with multiple sessions. When I just initialize with
seedrandom() and then call gen_kexdh_vals() in a loop once in a
while, the foreground ssh sometimes gets stuck in the expmod function,
or the task sometimes gets a memalloc error when a couple of ssh
requests come simultaneously. I find that libtommath uses too many
malloc and free calls each time.
>
> Thinking a bit more about your hardware, is there any chance
> of increasing the cache size? (does it have any?) Someone
> else using libtommath on a microblaze device seems to think
> that it's the memory speed that makes it so slow [1].
I already increased the data and instruction cache to max. So I don't
think I can increase that any more.
Thanx
- Prasad