On 01/03/2014 03:28 AM, Jitse Klomp wrote: > 2014/1/3 David Benfell <[email protected]> > >> I was unable to find an associated vulnerability in Linux. I trust the >> OpenSSL folks would be on top of this faster than you can blink an eye >> if it were a current issue. They have not, from what I've seen, >> reacted to the revelations. >> > > Interesting read on the openssl-announce list: > http://www.mail-archive.com/[email protected]/msg00127.html > Turns out the openssl implementation of Dual_EC_DRBG was broken anyway... i was just blew away by this: "What almost all commentators have missed is that hidden away in the small print (and subsequently confirmed by our specific query) is that if you want to be FIPS 140-2 compliant you MUST use the compromised points."
i even don't have words to comment on this!!! Adrian
_______________________________________________ CentOS mailing list [email protected] http://lists.centos.org/mailman/listinfo/centos
