Steven M. Bellovin
Thu, 22 May 2008 08:34:43 -0700
On Tue, 13 May 2008 23:27:52 +0100
Ben Laurie <[EMAIL PROTECTED]> wrote:
> >>> Ben: I haven't looked at the actual code in question -- are you
> >>> saying that the *only* way to add more entropy is via this pool of
> >>> uninitialized memory?
> >> No. That would be fantastically stupid.
> >>
> > So why are are the keys so guessable? Or did they delete other
> > code?
>
> "However, the Debian maintainers, instead of tracking down the source
> of the uninitialised memory instead chose to remove any possibility
> of adding memory to the pool at all."
>
Ah -- you wrote "adding memory" rather than "adding entropy", which I
found ambiguous.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]