Richard Storm wrote:
Is openbsd bind vulnerable to attacks on binds PRNG described here: http://www.securiteam.com/securitynews/5VP0L0UM0A.html
A glance at the README.OpenBSD file for 4.1 in /usr/src/usr.sbin/bind shows (among other things): - add LCG (Linear Congruential Generator) implementation to libisc - use LCG instead of LFSR for ID generation until LFSR is proven reliable - strlcpy/strlcat/snprintf fixes Without digging into things deeper, it looks like this is unlikely to be an issue since the OBSD version doesn't rely on LFSR. -- http://www.memetrics.com - Multivariate testing with Memetrics xOs. Landing page optimization, design & consulting.
