[124215] in cryptography@c2.net mail archive
Re: [ROS] The perils of security tools
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu May 22 12:17:39 2008
Date: Wed, 14 May 2008 10:24:08 +0100
From: Ben Laurie <ben@links.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: smb@cs.columbia.edu, open-source@csl.sri.com,
cryptography@metzdowd.com
In-Reply-To: <E1Jw9je-0004ee-Lt@wintermute01.cs.auckland.ac.nz>
Peter Gutmann wrote:
> Ben Laurie <ben@links.org> writes:
>
>> I must confess that I said that because I did not have the energy to figure
>> out the other routes to adding entropy, such as adding an int (e.g. a PID,
>> which I'm told still makes it in there).
>
> So just to clarify, does the Debian patch only remove the ability to add
> uninitialised memory (which will be all-zeroes anyway on an OS with proper
> resource controls) or does it remove the ability to add any entropy at all?
> The advisory makes it sound like it's the latter.
Indeed, it is the latter.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com