Ben Laurie
Thu, 22 May 2008 08:39:29 -0700
Peter Gutmann wrote:
Ben Laurie <[EMAIL PROTECTED]> writes:I must confess that I said that because I did not have the energy to figure out the other routes to adding entropy, such as adding an int (e.g. a PID, which I'm told still makes it in there).So just to clarify, does the Debian patch only remove the ability to add uninitialised memory (which will be all-zeroes anyway on an OS with proper resource controls) or does it remove the ability to add any entropy at all? The advisory makes it sound like it's the latter.
Indeed, it is the latter. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]