A couple of people have suggested I mention the change that was actually
made. These are the relevant URLs:
http://svn.debian.org/viewsvn/pkg-openssl?rev=141&view=rev
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&r1=140&r2=141
> Does the whole openssl security rely on uninitialized memory ?
>
> If yes isn't this bloody naive ?
>
> Shouldn't openssl use /dev/random or stuff like this to get good
> entropy ?
No openssl security does not "rely on uninitialized memory". Take a few
minutes to read the code.
ttfn/rjk
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
