On Tue, 14 Sep 2010, Perry E. Metzger wrote:
The decision that 1024 bit keys are inadequate for code signing is
likely reasonable. The idea that 2048 bits and not something between
1024 bits and 2048 bits is a reasonable minimum is perhaps arguable.
One wonders what security model indicated
On Mon, 02 Aug 2010, Yaron Sheffer wrote:
the interesting thread on seeding and reseeding /dev/random did not
mention that many of the most problematic systems in this respect
are virtual machines. Such machines (when used for cloud
Any decent hypervisor can supply entropy to the VMs. For
On Mon, 02 Aug 2010, Paul Wouters wrote:
On Mon, 2 Aug 2010, Yaron Sheffer wrote:
In addition to the mitigations that were discussed on the list,
such machines could benefit from seeding /dev/random (or
periodically reseeding it) from the *host machine's* RNG. This is
one thing that's
On Mon, 02 Aug 2010, Christoph Anton Mitterer wrote:
On Sat, 2010-07-31 at 13:36 -0700, John Denker wrote:
And we should move the seed file to somewhere inside /etc or /lib. It is
as simple as that. /var cannot be used for any data you need at early
userspace.
There are strong