* Michael S. Gilbert: > I just came across a reference [1] on potential flaws in the linux
([1] is based on Linux 2.6.10.) > kernel PRNG (Pseudo-Random Number Generator). Does anyone know if > CVE's have been issued for these problems and/or whether they have been > fixed either upstream or in debian? If not, someone should issue > requests for CVE's. Thanks for any thoughts. The German Federal Office for Information Security, BSI, has reviewed the /dev/random PRNG in the Linux 2.6.21.5 version and recommends its use (BSI TR-02102, version 1.0, published 2008-06-20). I suppose this means the flaws you referred are no longer present or not practically relevant, but I haven't read the code myself. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
