[ROS] The perils of security tools

Ben Laurie ben at links.org
Wed May 14 05:24:08 EDT 2008

Peter Gutmann wrote:
> Ben Laurie <ben at links.org> writes:
>> I must confess that I said that because I did not have the energy to figure
>> out the other routes to adding entropy, such as adding an int (e.g. a PID,
>> which I'm told still makes it in there).
> So just to clarify, does the Debian patch only remove the ability to add
> uninitialised memory (which will be all-zeroes anyway on an OS with proper
> resource controls) or does it remove the ability to add any entropy at all?
> The advisory makes it sound like it's the latter.

Indeed, it is the latter.

http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list