On Wed, May 14, 2008 at 03:15:18PM +0300, Dotan Cohen wrote:
2008/5/14 Eli Billauer [EMAIL PROTECTED]:
What really beats me, is why the original bug (consuming uninitialized
data) wasn't fixed in the main branch in the first place (which, I
understand, happened at a later stage) rather
http://www.links.org/?p=327
So apparently, OpenSSL is using uninitialized memory as one source of
randomness. For some obscure reason (probably Valgrind's complaints)
this feature was removed from OpenSSL on Debian (Ubuntu) machines.
An interesting read, btw.
On Wed, May 14, 2008 at 12:06
Dotan Cohen wrote:
2008/5/14 Orr Dunkelman [EMAIL PROTECTED]:
http://www.links.org/?p=327
Lesson 1: Comment your code when doing something unusual // for openssl
Lesson 2: Patch upstream // for debian
Though in the beginning I blamed Debian for this mess, after reading
that
Dotan Cohen wrote:
Lesson 1: Comment your code when doing something unusual // for openssl
Lesson 2: Patch upstream // for debian
I would go for
Lesson 0: Do not mess with cryptographic algorithms and code
Though in the beginning I blamed Debian for this mess, after reading
that
2008/5/14 Eli Billauer [EMAIL PROTECTED]:
What really beats me, is why the original bug (consuming uninitialized
data) wasn't fixed in the main branch in the first place (which, I
understand, happened at a later stage) rather than in a local patch.
Debian does not often push patches
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
I like how a bug in the random number generator caused this, I actually
found some of my keys in the 100,000 lines blacklist.
Does anyone have more information about this?
--
Tzafrir.
2008/5/13 Tzafrir Rehan [EMAIL PROTECTED]:
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
I like how a bug in the random number generator caused this, I actually
found some of my keys in the 100,000 lines blacklist.
Does anyone
2008/5/14 Dotan Cohen [EMAIL PROTECTED]:
2008/5/13 Tzafrir Rehan [EMAIL PROTECTED]:
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
I like how a bug in the random number generator caused this, I actually
found some of my
2008/5/14 Tzafrir Rehan [EMAIL PROTECTED]:
So apparently all keys were produced using the same random seed?
That's simply mindblowing!
No, but a finite set of random numbers was used to generate the seed.
Basically, if you have two sufficiently similar machines you could
create a key on one,