On 02/22/2012 05:49 PM, Jeffrey Walton wrote:
Remember, OpenSSL gave tacit approval: "If it helps with debugging,
I'm in favor of removing them,"
http://www.mail-archive.com/[email protected]/msg21156.html.
The full quote from Ulf Möller is:
Kurt Roeckx schrieb:
What I currently see as best option is to actually comment out
those 2 lines of code. But I have no idea what effect this really
has on the RNG. The only effect I see is that the pool might
receive less entropy. But on the other hand, I'm not even sure
how much entropy some unitialised data has.
Not much. If it helps with debugging, I'm in favor of removing them.
(However the last time I checked, valgrind reported thousands of
bogus error messages. Has that situation gotten better?)
What Ulf gave was his own weak conditional support based on the way Kurt
posed the question, which implied that it was only entropy from
uninitialized memory being added.
But did OpenSSL go ahead and remove them or express interest a patch? No.
Now that would certainly count as approval.
Personally, I think it's a brilliant example of engineering
miscommunication. One of open source crypto's great teaching moments,
akin to the civil engineer's KC Hyatt walkway collapse.
https://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse
Just look at this engineering diagram:
https://en.wikipedia.org/wiki/File:HRWalkway.svg
Could easily be a crypto system.
- Marsh
P.S. Sadly, in case anyone hadn't heard, Ulf Möller died last month.
http://ulf-m.blogspot.com/2012/02/help-us-find-people-who-killed-ulf.html
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
