[ROS] The perils of security tools

Ben Laurie ben at links.org
Wed May 14 05:24:08 EDT 2008


Peter Gutmann wrote:
> Ben Laurie <ben at links.org> writes:
> 
>> I must confess that I said that because I did not have the energy to figure
>> out the other routes to adding entropy, such as adding an int (e.g. a PID,
>> which I'm told still makes it in there).
> 
> So just to clarify, does the Debian patch only remove the ability to add
> uninitialised memory (which will be all-zeroes anyway on an OS with proper
> resource controls) or does it remove the ability to add any entropy at all?
> The advisory makes it sound like it's the latter.

Indeed, it is the latter.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list