X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/48e7916f513cb6fa03b5997ce57646b7b9a631da..ef2839b9393d9f994f3264806d49a3ebe0d37b00:/WARNING.RNG

diff --git a/WARNING.RNG b/WARNING.RNG
index 5f129f40..1b9137ed 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -12,16 +12,16 @@ A particularly pernicious problem arises with DSA keys (used by the
 ssh2 protocol). Performing a DSA signature (which is required for
 authentication), entails the use of a 160 bit random number.  If an
 attacker can predict this number, then they can deduce your *private*
-key and impersonate you.
+key and impersonate you or your hosts.
 
 If you are using the builtin random number support (configure will
-tell you if this is the case), then read this document in its entirety
-and consider disabling ssh2 support (by adding "Protocol 1" to
-sshd_config and ssh_config).
+tell you if this is the case), then read this document in its entirety.
+Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
+collects random numbers and makes them available by a socket.
 
 Please also request that your OS vendor provides a kernel-based random
 number collector (/dev/random) in future versions of your operating
-systems.
+systems by default.
 
 On to the description...
 
@@ -40,9 +40,10 @@ the specified program.
 
 The random number code will also read and save a seed file to
 ~/.ssh/prng_seed. This contents of this file are added to the random
-number generator at startup.
+number generator at startup. The goal here is to maintain as much 
+randomness between sessions as possible.
 
-This approach presents two problems:
+The entropy collection code has two main problems:
 
 1. It is slow.
 
@@ -78,3 +79,5 @@ up and various other factors.
 To make matters even more complex, some of the commands are reporting
 largely the same data as other commands (eg. the various "ps" calls).
 
+$Id$
+