[26349] in bugtraq
Re: VNC authentication weakness
daemon@ATHENA.MIT.EDU (Jose Nazario)
Fri Jul 26 12:21:36 2002
Date: Fri, 26 Jul 2002 11:38:46 -0400 (EDT)
From: Jose Nazario <jose@monkey.org>
To: Mitch Adair <mitch@theneteffect.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <200207260413.XAA07879@mako.theneteffect.com>
Message-ID: <Pine.BSO.4.44.0207261135330.16120-100000@naughty.monkey.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 25 Jul 2002, Mitch Adair wrote:
> Actually it appears that /dev/urandom does deplete the randomness pool
> in Linux at least (and you sortof concede this later in your post I
> think.) I will quote a comment from
> /usr/src/linux-2.4.19rc1/drivers/char/random.c
maybe i'm missing something, but why not pull a PRNG seed from
/dev/random?
___________________________
jose nazario, ph.d. jose@monkey.org
http://www.monkey.org/~jose/
