[ROS] The perils of security tools
Steven M. Bellovin
smb at cs.columbia.edu
Tue May 13 18:35:24 EDT 2008
On Tue, 13 May 2008 23:27:52 +0100
Ben Laurie <ben at links.org> wrote:
> >>> Ben: I haven't looked at the actual code in question -- are you
> >>> saying that the *only* way to add more entropy is via this pool of
> >>> uninitialized memory?
> >> No. That would be fantastically stupid.
> >>
> > So why are the keys so guessable? Or did they delete other
> > code?
>
> "However, the Debian maintainers, instead of tracking down the source
> of the uninitialised memory instead chose to remove any possibility
> of adding memory to the pool at all."
>
Ah -- you wrote "adding memory" rather than "adding entropy", which I
found ambiguous.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com