John Gilmore wrote:
This bill makes it a crime to use any false or misleading information
in a domain name or email account application, and then send an email.
That would make a large fraction of hotmail users instant criminals.
Why? Can't you register a domain using a proxy? I think this
R. A. Hettinga wrote:
An Australian-made open source project is set to become one of the world's
leading cryptography tools.
Hasn't this already happened with OpenSSL?
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: postino.it, tiscali.co.uk,
Perry E. Metzger wrote:
Complicated systems are the bane of security. Systems like this are
simple to understand, simple to audit, simple to guard.
I fully agree, but there is a wide variety of voting schemes out there,
of varying complexity. In a ballot with only very few options, your
* Amir Herzberg:
# Protecting (even) Naïve Web Users, or: Preventing Spoofing and
Establishing Credentials of Web Sites, at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF
The trusted credentials area is an interesting concept. However,
experience suggests
* Amir Herzberg:
Florian Weimer wrote:
* Amir Herzberg:
# Protecting (even) Naïve Web Users, or: Preventing Spoofing and
Establishing Credentials of Web Sites, at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF
The trusted credentials area is an interesting
* Hal Finney:
Only now are we belatedly beginning to pay the price for that decision.
If anything, it's surprising that it has taken this long. If phishing
scams had sprung up five years ago it's possible that SET would have
had a fighting chance to survive.
Wouldn't typical phishing
* Jerrold Leichter:
| Not quite correct, the first bank transfer occurred earlier this year,
| in a PR event arranged by the same group:
|
| http://www.quantenkryptographie.at/rathaus_press.html
|
| However, I still don't believe that quantum cryptography can buy you
| anything but
* Bill Stewart:
I agree that it doesn't look useful, but lawful intercept is harder,
if you're defining that as undetected eavesdropping with
possible cooperation of the telco in the middle,
because quantum crypto needs end-to-end fiber so there's
nothing the telco can help with except
* Dave Emery:
Correct me if I am wrong, but don't most of the passive, cheap
RF or magnetic field powered RFIDs transmit maybe 128 bits of payload,
not thousands and thousands of bits which would be enough to include
addresses, names, useful biometric data and so forth ?
Those that
* R. A. Hettinga quotes a news article:
There have been numerous media reports in recent years that terrorist
groups, including al-Qaida, were using steganographic techniques.
As far as I know, these news stories can be tracked back to a
particular USA Today story. There's also been a bunch
* Adam Shostack:
On Sat, Dec 11, 2004 at 10:24:09PM +0100, Florian Weimer wrote:
| * R. A. Hettinga quotes a news article:
|
| There have been numerous media reports in recent years that terrorist
| groups, including al-Qaida, were using steganographic techniques.
|
| As far as I know
* Victor Duchovni:
The third mode is quite common for STARTTLS with SMTP if I am not
mistaken. A one day sample of inbound TLS email has the following cipher
frequencies:
8221(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
6529(using TLSv1 with cipher
* Victor Duchovni:
The Debian folks have recently stumbled upon a problem in this area:
Generating the ephemeral DH parameters is expensive, in terms of CPU
cycles, but especailly in PRNG entropy. The PRNG part means that it's
not possible to use /dev/random on Linux, at least on servers.
* Ian G.:
R.A. Hettinga wrote:
http://help.channels.aol.com/article.adp?catId=6sCId=415sSCId=4090articleId=217623
Have questions? Search AOL Help articles and tutorials:
.
If you no longer want to use AOL PassCode, you must release your screen
name from your AOL PassCode so that you will no
* Stefan Mink:
a) It would be good to hear from this community if there
are any negative aspects of OpenVPN (vs. IPsec VPNs).
It's not standardized, and it only interoperates with itself (but this
is true for many IPsec implementations as well). This is more than
compensated by its
* David Wagner:
I don't buy it. How do you know that Skype is more secure, let alone
vastly more private? Maybe Skype is just as insecure as those other
systems. For all we know, maybe Skype is doing the moral equivalent
of encrypting with the all-zeros key, or using a repeating xor with a
* Jack Lloyd:
http://theory.csail.mit.edu/~yiqun/shanote.pdf
Thanks for the pointer.
No real details, just collisions for 80 round SHA-0 (which I just confirmed)
and 58 round SHA-1 (which I haven't bothered with), plus the now famous work
factor estimate of 2^69 for full SHA-1.
As usual,
* Joseph Ashwood:
Page 5 finally begins the actual information.
Page 5 plaintext sector data should be encrypted with one-time-use
(pseudo-)random keys serves no purpose if a strong mode is used. The only
purpose this serves is to slow the system down as additional searches have
to be
* Adam Back:
Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of a your choice... ie only valid to issue certs on
sub-domains of foo.com).
Is there a technical option to enforce such a policy on
- you must prove it before you can report it
I don't think this is a good policy in general. Often, it's more
cost-effective to fix a potential vulnerability than to investigate it
in detail, construct a proof that it's real, and fix it. This is
especially true in environments where changes
I'd like to come up to speed on the state of the
art in de-identification (~=anonymization) of data
especially monitoring data (firewall/hids logs, say).
We call it pseudonymization (Pseudonymisierung). It's a commonly
used technique in Germany to detaint personally identifiable
information,
I came across an application which uses RSA signatures on plain MD5
hashes, without padding (the more significant bits are all zero).
Even worse, the application doesn't check if the padding bits are
actually zero during signature verification. The downside is that the
encryption exponent is
* Peter Fairbrother:
No, it isn't! A handwritten signature is far better, it gives post-facto
evidence about who authorised the transaction - it is hard to fake a
signature so well that later analysis can't detect the forgery,
Apparently, handwritten signatures can be repudiated, at least
* Michael Heyman:
www.newscientist.com/channel/info-tech/mg18625054.000
ATTEMPTS to build quantum computers could run up
against a fundamental limit on how long useful
information can persist inside them.
My local source of quantum computing knowledge says that the
conclusions
* Jason Holt:
You may be correct, but readers should also know that, at least in Linux:
/usr/src/linux/drivers/char/random.c:
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second
* Lance James:
Feature, or flaw?
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
Maybe I'm just missing something.
-
The Cryptography Mailing List
Unsubscribe by sending
* Lance James:
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
In both cases, you have the SSL lock on your own certificate.
At
* Lance James:
And as stated above, reverse the effect and it would be the banks in
scenarios such as XSS.
In case of XSS or CSRF, you have lost anyway. The web was not
designed as a presentation service for transaction processing,
especially if the transactions involve significant value.
* Steven M. Bellovin:
In message [EMAIL PROTECTED], Nick Owen writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.
How does the user know which transaction
* Perry E. Metzger:
[EMAIL PROTECTED] writes:
But nevertheless, I do not understand why americans are so afraid of
an ID card.
Perhaps I can explain why I am.
I do not trust governments. I've inherited this perspective. My
grandfather sent his children abroad from Speyer in Germany just
* Nick Owen:
I think that the cost of two-factor authentication will plummet in the
face of the volumes offered by e-banking.
I doubt this is true. In Germany, we already use some form of
two-factor authentication for Internet banking transaction (account
number/password and a one-time
* David Alexander Molnar:
Actually, smart cards are here today. My local movie theatre in Berkeley,
California is participating in a trial for MasterCard PayPass. There is
a little antenna at the window; apparently you can just wave your card at
the antena to pay for tickets. I haven't
* Perry E. Metzger:
Nick Owen [EMAIL PROTECTED] writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.
Far better would be to have a token with a display
Take a look at Boojum Mobile -- it is
precisely the idea of using the cell
phone as an out-of-band chanel for an
in-band transaction.
http://www.boojummobile.com
In the foreseeable future, this approach won't stop fraudulent
transactions because the one-time password does not depend on the
* Nap van Zuuren:
Might be a nice (intellectual) crypto-exercise, but I am afraid that the
concept of the Qualified Signature will not get a widespread
implementation, expect for very specific areas/disciplines.
That's by design, all those notaries public don't like being replaced
by
* James A. Donald:
Is it possible for two web sites to arrange for cross
logins?
SXIP is a relatively open effort in that direction. The rootsite
seems to be proprietary, though.
-
The Cryptography Mailing List
Unsubscribe
* Perry E. Metzger:
A major identity theft ring has been discovered that affects up to 50
banks, according to Sunbelt Software, the security company that says
it uncovered the operation. The operation, which is being
investigated by the FBI, is gathering personal data from
* Adam Fields:
They stated on their blog that they only did so because they couldn't
get anyone's attention in law enforcement,
You mean this part?
| We have notified the FBI, but no response just yet. We have notified a
| few of the parties involved. (Update: It looks like they were working
* Udhay Shankar N.:
http://nytimes.com/2005/08/17/business/worldbusiness/17code.html
Chinese Cryptologists Get Invitations to a U.S. Conference, but No Visas
Didn't something similar happen at the FIRST conference in Hawaii a
couple of years ago? It's sad that it's going to happen again next
* R. A. Hettinga quotes:
Today RSA is perhaps best known for staging a prestigious annual security
conference and for selling 20 million little devices that display a
six-digit code computer users must type to gain access to computer
networks. The code, which changes every minute as
* Perry E. Metzger:
Via cryptome:
http://evilscientists.de/blog/?page_id=343
The Cisco VPN Client uses weak encryption to store user and group
passwords in your local profile file. I coded a little tool to
reveal the saved passwords from a given profile file.
If this is true,
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015
- - -
Cisco Client Parameters
Allow Password Storage on Client - Check this box to allow IPSec
clients to store their login passwords on their local
* James A. Donald:
I figured that the obvious solution to all this was to deploy zero
knowledge technologies, where both parties prove knowledge of the
shared secret without revealing the shared secret.
Keep in mind that one party runs the required software on a computed
infected with
* Charlie Kaufman:
The probability of a single run of Miller-Rabin or Fermat not
detecting that a randomly chosen number is composite is almost
vanishingly small.
How do you chose a random integer, that this, based on which
probability distribution? 8-)
Anyway, one can show that for some
* Perry E. Metzger:
I haven't been following the IPSec mailing lists of late -- can anyone
who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to
* Peter Gutmann:
I haven't been following the IPSec mailing lists of late -- can anyone
who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such test
suites can only reveal missing checks for boundary conditions, leading to
out- of-bounds
* William Allen Simpson:
Quoting Photuris: Design Criteria, LNCS, Springer-Verlag, 1999:
The hallmark of successful Internet protocols is that they are
relatively simple. This aids in analysis of the protocol design,
improves implementation interoperability, and reduces operational
* William Allen Simpson:
Florian Weimer wrote:
Photuris uses a baroque variable-length integer encoding similar to
that of OpenPGP, a clear warning sign. 8-/
On the contrary:
+ a VERY SIMPLE variable-length integer encoding, where every number
has EXACTLY ONE possible representation
* Nicholas Bohm:
[EMAIL PROTECTED] wrote:
You know, I'd wonder how many people on this
list use or have used online banking.
To start the ball rolling, I have not and won't.
--dan
I do.
My bank provides an RSA SecureId, so I feel reasonably safe against
anyone other than the bank.
You know, I'd wonder how many people on this
list use or have used online banking.
To start the ball rolling, I have not and won't.
Why? Repudiating transactions is easier than ever. As a consumer, I
fear technology which is completely secure according to experts, but
which can be broken
* Eugen Leitl:
The German PIN/TAN system is reasonably secure, being an effective
one-time pad distributed through out of band channel (mailed dead
tree in a tamperproof envelope).
Some banks have optimized away the special envelope. 8-(
It is of course not immune to phishing (PIN/TAN
* Jonathan Thornburg:
Ahh, but how do you know that the transaction actually sent to the
bank is the same as the one you thought you authorized with that OTP?
If your computer (or web browser) has been cracked, you can't trust
_anything_ it displays. There are already viruses in the wild
* Ulrich Kuehn:
In 2000 someone here in Germany already demonstrated how to attack
smart card based HBCI transactions. Those transactions are
authorized by an RSA signature done by the card.
Here's a link: http://www.heise.de/newsticker/meldung/9349
The attack relyed on the card reader not
* Werner Koch:
On Sat, 11 Feb 2006 12:36:52 +0100, Simon Josefsson said:
1) It invoke exit, as you have noticed. While this only happen
in extreme and fatal situations, and not during runtime,
it is not that serious. Yet, I agree it is poor design to
do this in a library.
* Bill Stewart:
Or you could try using the Google Keyserver -
just because there isn't one
doesn't mean you can't type in 9E94 4513 3983 5F70
or 9383DE06 or [EMAIL PROTECTED] PGP Key
and see what's in Google's cache.
What a peculiar advice. We know for sure that Google logs these
* Hadmut Danisch:
The only precise definition I found is in a law dictionary where it is
defined as a legal term.
The OED might also be helpful:
B. [...] 2. a. A chief actor or doer; the chief person engaged in
some transaction or function, esp. in relation to one employed by or
acting
* Travis H.:
IIUC, protocol design _should_ be easy, you just perform some
finite-state analysis and verify that, assuming your primitives are
ideal, no protocol-level operations break it.
Is this still true if you don't know your actual requirements?
* Sandy Harris:
Recent news stories seem to me to make it obvious that anyone with privacy
concerns (i.e. more-or-less everyone) should be encrypting as much of their
communication as possible. Implementing opportunistic encryption is the
best way I know of to do that for the Internet.
I'm
* James A. Donald:
The obvious solution to the phishing crisis is the widespread
deployment of SRP, but this does not seem to happening. SASL-SRP was
recently dropped. What is the problem?
There is no way to force an end user to enter a password only over
SRP. That's why SRP is not
* Ka-Ping Yee:
Passpet's strategy is to customize a button that you click. We
are used to recognizing toolbar buttons by their appearance, so
it seems plausible that if the button has a custom per-user icon,
users are unlikely to click on a spoofed button with the wrong
icon. Unlike other
* Anne Lynn Wheeler:
Florian Weimer wrote:
If you've deployed two-factor authentication (like German banks did in
the late 80s/early 90s), the relevant attacks do involve compromised
customer PCs. 8-( Just because you can't solve it with your technology
doesn't mean you can pretend
* Anne Lynn Wheeler:
Florian Weimer wrote:
FINREAD is really interesting. I've finally managed to browse the
specs, and it looks as if this platform can be used to build something
that is secure against compromised hosts. However, I fear that the
support costs are too high, and that's why
* Steven M. Bellovin:
I have more than a passing aquaintance with the complexity of phone
switch software; doing that was *hard* for anyone, especially anyone
not a switch developer.
Isn't Ericsson's switching software written in Erlang, is highly
modular and officially supports run-time code
* Travis H.:
On 7/11/06, Hal Finney [EMAIL PROTECTED] wrote:
: So what went wrong? Answer: NIST failed to recognize that table lookups
: do not take constant time. âTable lookup: not vulnerable to timing
: attacks, NIST stated in [19, Section 3.6.2]. NIST's statement was,
: and is,
* Steven M. Bellovin:
I wonder how accurate this is. It's certainly true that some drives have
vendor passwords to unlock them. It's hard to see how they could break
through (good) software encryption,
A lot of software tends to create temporary files in random places.
If you don't encrypt
* Douglas F. Calvert:
I remember seeing a paper about identifying private keys in RAM. I
thought it was by Rivest but I can not locate it for the life of me.
Does anyone remember reading something like this? The basic operation
was to identify areas in RAM that had certain characteristics
* Steven M. Bellovin:
Again -- the scheme isn't foolproof, but it's probably *good enough*.
I agree that if you consider this scheme in isolation, it's better
than plain user names and passwords. But I wonder if it significantly
increases customer confusion because banks told their customer
* James A. Donald:
DOS is now a major problem - every business, online
games, money movers, banks, porno sites, casinos, now
comes under DOS attack from extortionists.
How do Hamiltonian paths protect against the H.R.4411 attack?
(Part of the DoS problem online casinos face is that due to
I hesitate to use the syllable crypto in describing this paper,
but those who have not seen it may find it interesting.
http://www.arx.com/documents/The_Unbearable_Lightness_of_PIN_Cracking.pdf
Or profitable.
In a weired sense, yes. If I understand the paper correctly, the
authors show
* Saqib Ali:
You can read about the competition, which will come to a close in the
next 90 days at:
http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html
In the process, the following document has been published:
* Perry E. Metzger:
If you go over to, say, www.fidelity.com, you will find that you can't
even get to the http: version of the page any more -- you are always
redirected to the https: version.
Of course, this only helps if users visit the site using bookmarks
that were created after the
* James A. Donald:
Obviously financial institutions should sign their
messages to their customers, to prevent phishing. The
only such signatures I have ever seen use gpg and come
from niche players.
Deutsche Postbank uses S/MIME, and they are anything but a niche
player. It doesn't help
* Peter Gutmann:
Dave Korn [EMAIL PROTECTED] writes:
Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread
non-acceptance.
I realise this is a bit of a cheap shot, but:
How will this be any different from the current situation?
You can see that the keys change and
* Simon Josefsson:
However, in practice I don't believe many will trust the root key
alone -- for example, I believe most if not all Swedish ISPs would
configure in trust of the .se key as well.
There are some examples that such static configuration is extremely
bad. Look at the problems
* Travis H.:
Also there's a semantic issue; am I attesting to the plaintext,
or the ciphertext? It's possible the difference could be important.
With sign, then encrypt, it's also possible that the receiver decrypts
the message, and then leaks it, potentially giving the impression that
the
* Perry E. Metzger:
This seems to me to be, yet again, an instance where failure to
consider threat models is a major cause of security failure.
Sorry, but where's the security failure? Where can you buy hardware
devices that can copy HD disks? Or download software that does, with
a readily
* Ian G.:
Does anyone know what Sun failed to opensource in the crypto part of
Java?
The Sun JCE provider appears to be missing, which means that few
cryptographic algorithms are actually implemented in the source drop.
All the symmetric encryption algorithms are missing, for instance.
* Ian G.:
My worry was that they hadn't open sourced the architecture component,
the part that wasn't meant to be replaceable. However even if open
sourced, Sun may still wield a stick over the providers by insisting
that they manage the signing process for the providers.
The signing
* Victor Duchovni:
That's good of you not to expect it, given that zero of the major CAs
seem to support ECC certs today, and even if they did, those certs
would not work in IE on XP.
We are not talking about this year or next of course. My estimate is
that Postfix releases designed this
* Victor Duchovni:
But no one is issuing certificates which are suitable for use with
SMTP (in the sense that the CA provides a security benefit). As far
as I know, there isn't even a way to store mail routing information in
X.509 certificates.
There is no need to store routing
* John Ioannidis:
I wonder how much it cost them to find current addresses for
everybody so we could be notified.
I guess it's pretty easy because your personal information is
available to so many organizations, without any safeguards.
Obviously, they had your social security number (it's only
* Jerry Leichter:
OK, I could live with that as stated. But:
The code also adds: We reserve the right to request access to
your computer or device in order to verify that you have taken
all reasonable steps to protect your computer or device and
safeguard your
* Ian G.:
Banks are the larger and more informed party.
But not as far as client-side fraudulent activity is concerned. After
all, the attacked systems are not under their administrative control.
They need to provide systems that are reasonable given the situation
(anglo courts generally
* Anne Lynn Wheeler:
In the mid-90s, financial institutions looking at the internet for
online, commercial banking and cash management (i.e. business
equivalent to consumer online banking) were extremely conflicted
... they frequently were almost insisting on their own appliance at
the
* Peter Fairbrother:
I forgot to mention that Pt.3 also includes coercive demands for
access keys - so for instance if Mr Bill Gates came to the UK, and if
there was some existing question about Microsoft's behaviour in some
perhaps current EU legal matter, Mr Gates could be required to give
* Udhay Shankar N.:
Hasn't this already been going on a while? I'm only surprised there
hasn't been a big public incident yet.
Doesn't this one count?
| According to Chief Superintendent Arye Edelman, head of the Tel Aviv
| fraud squad, which ran the investigation, Haephrati used two methods
* Ian Farquhar:
Crypto has been an IP minefield for some years. With the expiry of
certain patents, and the availability of other unencumbered crypto
primitives (eg. AES), we may see this change. But John's other
points are well made, and still valid. Downloadable MP3 ring tones
are a
* John Ioannidis:
Florian Weimer wrote:
It's also an open question whether network operators subject to
interception requirements can legally offer built-in E2E encryption
capabilities without backdoors.
You probably meant device vendors, not network operators. The whole
*point* of E2E
* Hal Finney:
Information on the quality of AV and other security products is widely
available on the net, in magazines and other places that consumers
might look for reviews and comparisons. This is completely unlike
the situation with individual used cars. I don't see this analogy as
* Simon Josefsson:
One would assume that if you disable the password, the data would NOT be
accessible. Making it accessible should require a read+decrypt+write of
the entire disk, which would be quite time consuming. It may be that
this is happening in the background, although it isn't
* Ivan Krstić:
On Oct 3, 2007, at 4:39 AM, Florian Weimer wrote:
But this exhibits an issue with disk-based encryption: you can't
really know what they are doing, and if they are doing it right.
(Given countless examples of badly-deployed cryptography, this isn't
just paranoia, but a real
* William Allen Simpson:
Assuming,
Dp := any electronic document submitted by some person, converted to its
canonical form
Cp := a electronic certificate irrefutably identifying the other person
submitting the document
Cn := certificate of the notary
Tn := timestamp
* Ivan Krstić:
We've recently had to jump through the BIS crypto export hoops at
OLPC. Our systems both ship with crypto built-in and, due to their
Fedora underpinnings, allow end-user installation of various crypto
libraries -- all open-source -- through our servers. It was a
nightmare; the
) if this message turns out to be
spam. There's nothing related to confidentiality that I know of.
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721
approaches:
|
| * The content of a page disappears when its respective encryption key
| is deleted, a very fast operation. [...]
AFAICS, the patent does not reference the paper.
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100
* James A. Donald:
From time to time I hear that DNSSEC is working fine, and on examining
the matter I find it is working fine except that
Seems to me that if DNSSEC is actually working fine, I should be able
to provide an authoritative public key for any domain name I control,
and
, or if the code is actually bogus.
(And for most (all?) non-trivial software, source code acquisition
costs are way below validiation costs, so public availability of
source code is indeed a red herring.)
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http://www.bfk.de
* Peter Gutmann:
Debian seem to be particularly bad for not reporting changes to
maintainers,
This shouldn't be the case. There's a clear policy that non-packaging
changes (basically, anything beyond trivial build fixes and pathname
changes for FHS compliance) should be submitted upstream.
* Ben Laurie:
Jonathan S. Shapiro wrote:
Ben: I'm idly curious. Was this exceptionally unusual case where use of
uninitialized memory was valid properly commented in the code?
It's mentioned in the manpage for a function that eventually calls the
function that was (correctly) patched--through
* Ben Laurie:
I must confess that I said that because I did not have the energy to
figure out the other routes to adding entropy, such as adding an int
(e.g. a PID, which I'm told still makes it in there).
The PID dependency is there because of the need for fork
support--obviously, the PRNG
1 - 100 of 138 matches
Mail list logo