From fded67e7120d79c619e541ccd3ba19898c194b5b Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Tue, 1 Apr 2014 08:04:25 -0700
Subject: [PATCH] Use deterministic signatures for ECDSA keys.

This is now considered the preffered approach across the board for ECDSA. This is because with the traditional, random "k" parameter for ECDSA, any entropy problems at all, even a single bit, about "k", results in a complete compromise (see https://en.wikipedia.org/wiki/ECDSA#Security). The deterministic algorithm doesn't have this downside.
---
 paramiko/ecdsakey.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index 6ae2d27..0d47a3b 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -21,6 +21,8 @@ L{ECDSAKey}
 """
 
 import binascii
+import hashlib
+
 from ecdsa import SigningKey, VerifyingKey, der, curves
 from Crypto.Hash import SHA256
 from ecdsa.test_pyecdsa import ECDSA
@@ -98,9 +100,8 @@ class ECDSAKey (PKey):
 return self.signing_key is not None
 
 def sign_ssh_data(self, rpool, data):
- digest = SHA256.new(data).digest()
- sig = self.signing_key.sign_digest(digest, entropy=rpool.read,
- sigencode=self._sigencode)
+ sig = self.signing_key.sign_deterministic(
+ data, sigencode=self._sigencode, hashfunc=hashlib.sha256)
 m = Message()
 m.add_string('ecdsa-sha2-nistp256')
 m.add_string(sig)
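Review bot: `rpool` is now an unused parameter of `sign_ssh_data` in the second hunk, and nothing in the new body tells a reader why an entropy source is still accepted; since the signature is shared with the other key classes it should stay, but add a comment such as `# rpool is intentionally unused: sign_deterministic derives k from the key and message (RFC 6979), so no external entropy is consumed`. The same hunk removes the only visible use of `SHA256`, so the `from Crypto.Hash import SHA256` line kept as context in the first hunk may now be a dead import — worth checking the rest of the file, which is outside this view, before dropping it. `sign_deterministic` does not exist in older python-ecdsa releases, so the project's dependency requirement should be checked against the release that introduced it. `sign_ssh_data` continues past the end of the hunk.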