[ But for what it's worth, I am willing to bet that the script was
added without analyzing these subtle considerations, and that makes it
somewhat scary on its own accord. ]
/mz
> Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
> script is run when the package installed, and anytime su executes the
> script.
>
> reseed(8) performs a unsecured HTTP request to random.org for its
> bits, despite random.org offering HTTPS services.
This resulted in a coup
On Wed, 2011-07-06 at 00:04 -0400, Jeffrey Walton wrote:
> Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
> script is run when the package installed, and anytime su executes the
> script.
>
> reseed(8) performs a unsecured HTTP request to random.org for its
> bits, despite ra
On Tue, Jul 5, 2011 at 9:04 PM, Jeffrey Walton wrote:
> Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
> script is run when the package installed, and anytime su executes the
> script.
... someone thought this was a good idea.
[an entropy pool remotely biased by MitM attack
Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
script is run when the package installed, and anytime su executes the
script.
reseed(8) performs a unsecured HTTP request to random.org for its
bits, despite random.org offering HTTPS services.
The Ubuntu Security Team took no i