[124333] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: [ROS] The perils of security tools

daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri May 23 18:56:43 2008

Date: Fri, 23 May 2008 22:55:58 +0100
From: Ben Laurie <ben@links.org>
To: Florian Weimer <fw@deneb.enyo.de>
CC: "Steven M. Bellovin" <smb@cs.columbia.edu>, 
 Robust Open Source <open-source@csl.sri.com>,
 Cryptography <cryptography@metzdowd.com>
In-Reply-To: <87mymgln7p.fsf@mid.deneb.enyo.de>

Florian Weimer wrote:
> * Ben Laurie:
> 
>> I must confess that I said that because I did not have the energy to
>> figure out the other routes to adding entropy, such as adding an int
>> (e.g. a PID, which I'm told still makes it in there).
> 
> The PID dependency is there because of the need for fork
> support--obviously, the PRNG must return a different key stream in the
> parent and child process, but the two cannot communicate with each
> other.

I'm fully aware why its there! I just wasn't sure (at the time) that 
this change didn't also remove it.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post