[124214] in cryptography@c2.net mail archive
Re: [ROS] The perils of security tools
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu May 22 12:17:39 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@links.org, smb@cs.columbia.edu
Cc: cryptography@metzdowd.com, open-source@csl.sri.com
In-Reply-To: <482A19F2.7020509@links.org>
Date: Wed, 14 May 2008 17:41:06 +1200
Ben Laurie <ben@links.org> writes:
>I must confess that I said that because I did not have the energy to figure
>out the other routes to adding entropy, such as adding an int (e.g. a PID,
>which I'm told still makes it in there).
So just to clarify, does the Debian patch only remove the ability to add
uninitialised memory (which will be all-zeroes anyway on an OS with proper
resource controls) or does it remove the ability to add any entropy at all?
The advisory makes it sound like it's the latter.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com