Peter Palfrader wrote:
Due to the weakness in our openssl's random number generator (see the
Debian Security Advisory #1571 from a few minutes ago[1]) that affects
among other things ssh keys we have disabled public key auth on all
project systems until further notice.
Hi all,
if I understand
BALLABIO GERARDO [EMAIL PROTECTED] writes:
if I understand correctly, the problem was that openssl used some
segment of uninitialized memory as a source of entropy, and the
offending patch cleared it.
This is not correct. Clearing tmpbuf before reading /dev/urandom is
harmless. The broken
On Wed May 14, 2008 at 10:21:18 +0200, BALLABIO GERARDO wrote:
If so, and if that was the ONLY entropy source used in generating keys,
then upstream openssl is (and has always been) just as broken as the
patched Debian package.
It wasn't.
Steve
--
Debian GNU/Linux System Administration
2008/5/14 BALLABIO GERARDO [EMAIL PROTECTED]:
However I wonder, is the pristine behavior correct? As far as I know, it
is NOT justified at all to rely on the assumption that uninitialized
memory contains random data. I read that many architectures reset it to
some magic number, e.g.,
On Wed, May 14, 2008 10:21, BALLABIO GERARDO wrote:
Peter Palfrader wrote:
Due to the weakness in our openssl's random number generator (see the
Debian Security Advisory #1571 from a few minutes ago[1]) that affects
among other things ssh keys we have disabled public key auth on all
project
On Wed, 14 May 2008, David Härdeman wrote:
If the entropy pool is properly coded, there is no negative effect of
adding data which may or may not be truly random to the pool (i.e. you
cannot degrade the quality of the pool no matter what you add). Therefore
step b) might add some entropy or it
On Wed, May 14, 2008 at 03:33:52PM -0400, Ivan Jager wrote:
I think that might depend on how not truly random the data is. For
example, suppose the pool is coded to simply xor the new entropy with the
pool.
It's not -- it's hashed in using a cryptographic hash function.
/* Steinar */
--
7 matches
Mail list logo