Upon reading this, my first question was whether the weakness applies to
the random numbers supplied by /dev/random. If it does, then userspace has
been getting non-random values, and things like PGP and SSH keys could be
compromised. It might be good for secteam to clarify this, IMHO.
On Mon, 24 Nov 2008, FreeBSD Security Advisories wrote:
FreeBSD-SA-08.11.arc4random Security Advisory
The FreeBSD Project
...
--
Nate Eldredge
[EMAIL PROTECTED]
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"