http://www.links.org/?p=327
So apparently, openssl is using noninitialized memory as one source of randomness. For some obscure reason (probably valgrind's complaints) this feature was removed from openssl on debian (ubuntu) machines. An interesting reading, btw. On Wed, May 14, 2008 at 12:06 AM, Dotan Cohen <[EMAIL PROTECTED]> wrote: > 2008/5/14 Tzafrir Rehan <[EMAIL PROTECTED]>: > > > So apparently all keys were produced using the same random seed? > > > > That's simply mindblowing! > > > > No, but a finite set of random numbers were used to generate the seed. > Basically, if you have two sufficiently similar machines you could > create a key on one, examine it, and decode a key produced on the > other. This is way over simplified, but it illustrates the point. > > Any machine using a key generated on an affected machine should be > considered vulnerable. Not compromised, but vulnerable. Generate new > keys (on slackware :)) and get switching. > > Dotan Cohen > > > http://what-is-what.com > http://gibberish.co.il > א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת > > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > > _______________________________________________ > Haifux mailing list > [email protected] > http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux > -- Orr Dunkelman, [EMAIL PROTECTED] "Any human thing supposed to be complete, must for that reason infallibly be faulty" -- Herman Melville, Moby Dick. GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA (This key will never sign Emails, only other PGP keys. The key corresponds to [EMAIL PROTECTED]) _______________________________________________ Haifux mailing list [email protected] http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
