On Fri, 21 Apr 2017 22:39:39 +1000
wrote:
> Thanks for the start points, Christian and Philip.
> I would have never thought about those use cases.
> I'll definitely look into this further.
I rewrote some code for key generation for particular memory
Thanks for the start points, Christian and Philip.
I would have never thought about those use cases.
I'll definitely look into this further.
On Wed, 19 Apr 2017 13:31:08 + (UTC)
Christian Weisgerber wrote:
> On 2017-04-19, Philip Guenther wrote:
>
>
On 2017-04-19, Philip Guenther wrote:
> For a broader answer to the "why?", take a look at the patches under
> /usr/ports/ which add uses of the *_deterministic() calls.
For instance, take graphics/netpbm and look at its multitude of
image manipulation tools that take a
On Tue, Apr 18, 2017 at 10:12 PM, wrote:
...
> Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or
> used by 60 pieces of software, but why would software require a PRNG to be
> deterministic?
>
> That is my question, not "what apps and
An idiot whose question lacks clarity. My apologies.
Of course software uses it. What I was trying to ask was *why* would software
actually nee a deterministic PRNG, rather than "what software uses it."
In other words, what will break if the PRNG was non-deterministic?
Yes, it may be "standards
> > Correct that it's not designed for that. But we looked into this a lot
> > when introducing srand_determinstic(3).
>
> Are there any applications out there that explicitly require the PRNG
> to be deterministic? It doesn't make sense to have that kind of thing
> there for minute corner cases,
On Sun, 16 Apr 2017 12:01:48 + (UTC)
Stuart Henderson wrote:
> On 2017-04-15,
> wrote:
> > OpenBSD still randomizes PIDs, but I don't see the point these days:
> >
On 2017-04-15, wrote:
> OpenBSD still randomizes PIDs, but I don't see the point these days:
> https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961
'Protect against PID prediction vulnerabilities
On Sat, 15 Apr 2017 23:16:18 -0600
"Theo de Raadt" wrote:
> > Responding to multiple messages:
> >
> > On Fri, 20 Jan 2017 08:43:46 +0100
> > "minek van" wrote:
> > > I can see that the default users and when creating new ones have
> > > their UID/GUID
> Responding to multiple messages:
>
> On Fri, 20 Jan 2017 08:43:46 +0100
> "minek van" wrote:
> > I can see that the default users and when creating new ones have
> > their UID/GUID incremented by 1.
> >
> > Could it bring more security if the UIDs/GUIDs would be random?
>
Responding to multiple messages:
On Fri, 20 Jan 2017 08:43:46 +0100
"minek van" wrote:
> I can see that the default users and when creating new ones have
> their UID/GUID incremented by 1.
>
> Could it bring more security if the UIDs/GUIDs would be random?
On Mon, 23 Jan
On Mon, Jan 23, 2017 at 11:00 AM, Martin Schröder wrote:
> And what if my UID/GUIDs are random on every host and server? Would
> nfs handle that?
>
Sure. Why not?
But then, I'm only talking about UID/GID selection. I'm assuming that
jsmith is UID 2000 on every system,
2017-01-23 15:37 GMT+01:00 andrew fabbro :
> On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder
wrote:
>> 2017-01-20 8:43 GMT+01:00 minek van :
>> > Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it
>> > only do pain?
>>
On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder wrote:
> 2017-01-20 8:43 GMT+01:00 minek van :
> > Could it bring more security if the UIDs/GUIDs would be random?
>
> Why? What's the attack you want to defend against?
>
I suppose there's some information
2017-01-20 8:43 GMT+01:00 minek van :
> Could it bring more security if the UIDs/GUIDs would be random?
Why? What's the attack you want to defend against?
> Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it only
> do pain?
Yes.
Hello!
I can see that the default users and when creating new ones have their UID/GUID
incremented by 1.
Could it bring more security if the UIDs/GUIDs would be random?
Or it wouldn't bring any additional security?
Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it
16 matches
Mail list logo