[124214] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: [ROS] The perils of security tools

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu May 22 12:17:39 2008

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@links.org, smb@cs.columbia.edu
Cc: cryptography@metzdowd.com, open-source@csl.sri.com
In-Reply-To: <482A19F2.7020509@links.org>
Date: Wed, 14 May 2008 17:41:06 +1200

Ben Laurie <ben@links.org> writes:

>I must confess that I said that because I did not have the energy to figure
>out the other routes to adding entropy, such as adding an int (e.g. a PID,
>which I'm told still makes it in there).

So just to clarify, does the Debian patch only remove the ability to add
uninitialised memory (which will be all-zeroes anyway on an OS with proper
resource controls) or does it remove the ability to add any entropy at all?
The advisory makes it sound like it's the latter.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post