Hello, I have a few questions because the DSA isn't clear whether the
security problem is caused by Debian modification or by the fact that
openssl prng is very bad.

Does the whole openssl security rely on uninitialized memory?

If yes isn't this bloody naive?

Shouldn't openssl use /dev/random or stuff like this to get good entropy?

Does Debian then advise to completely drop openssl because its PRNG is
seeded from uninitialized memory which is not guaranteed to be random?

Thanks.

-- 
Benoît Dejean <[EMAIL PROTECTED]>



