The perils of security tools

Ben Laurie ben at
Thu May 15 05:25:11 EDT 2008

Paul Hoffman wrote:
> I'm confused about two statements here:
> At 2:10 PM +0100 5/13/08, Ben Laurie wrote:
>> The result of this is that for the last two years (from Debian's 
>> "Edgy" release until now), anyone doing pretty much any crypto on 
>> Debian (and hence Ubuntu) has been using easily guessable keys. This 
>> includes SSH keys, SSL keys and OpenVPN keys.
> . . .
>> [2] Valgrind tracks the use of uninitialised memory. Usually it is bad 
>> to have any kind of dependency on uninitialised memory, but OpenSSL 
>> happens to include a rare case when it's OK, or even a good idea: its 
>> randomness pool. Adding uninitialised memory to it can do no harm and 
>> might do some good, which is why we do it. It does cause irritating 
>> errors from some kinds of debugging tools, though, including valgrind 
>> and Purify. For that reason, we do have a flag (PURIFY) that removes 
>> the offending code. However, the Debian maintainers, instead of 
>> tracking down the source of the uninitialised memory, chose to 
>> remove any possibility of adding memory to the pool at all. Clearly 
>> they had not understood the bug before fixing it.
> The second bit makes it sound like the stuff that the Debian folks 
> blindly removed was one, possibly-useful addition to the entropy pool. 
> The first bit makes it sound like the stuff was absolutely critical to 
> the entropy of produced keys. Which one is correct?

They removed _all_ entropy addition to the pool, with the exception of 
the PID, which is mixed in at a lower level.


"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
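To make the consequence of "only the PID is mixed in" concrete, here is a toy model added for this thread; it is not OpenSSL's PRNG and not code from either poster. It stands in a SHA-256 based key derivation for whatever the PRNG does after seeding, models one pool that receives nothing but the PID and one that also receives external entropy, and shows that the PID-only pool can produce at most one key per possible PID. The bound of 32768 PIDs is an assumption (the traditional Linux pid_max), as are the pool layout and the sample entropy string; the weak-key set built by enumeration is the same idea defenders used to detect keys generated under such a defect.

```python
import hashlib

# Assumption: classic Linux pid_max. A pool fed only by the PID can take
# at most this many distinct states, whatever the PRNG does afterwards.
MAX_PID = 32768


def derive_key(seed: bytes, length: int = 32) -> bytes:
    """Toy deterministic key derivation standing in for the PRNG output.

    Not OpenSSL's algorithm: any deterministic function of the seed
    makes the point, because the output space cannot exceed the seed space.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def pid_only_seed(pid: int) -> bytes:
    """Models the broken pool: nothing is mixed in except the PID."""
    return b"pool|" + pid.to_bytes(4, "big")


def seeded_seed(pid: int, entropy: bytes) -> bytes:
    """Models the intended pool: the PID plus externally gathered entropy."""
    return b"pool|" + pid.to_bytes(4, "big") + b"|" + entropy


def enumerate_pid_only_keys(max_pid: int = MAX_PID) -> set:
    """Every key the PID-only pool can ever produce, one per PID."""
    return {derive_key(pid_only_seed(pid)) for pid in range(1, max_pid + 1)}


def is_predictable(key: bytes, weak_keys: set) -> bool:
    """Defender-side check: does this key fall inside the enumerable set?"""
    return key in weak_keys


def demo():
    weak = enumerate_pid_only_keys()
    broken = derive_key(pid_only_seed(4242))
    # Constructed sample entropy; a real pool would draw this from the OS.
    intact = derive_key(seeded_seed(4242, b"constructed-sample-entropy"))
    return len(weak), is_predictable(broken, weak), is_predictable(intact, weak)


if __name__ == "__main__":
    size, broken_hit, intact_hit = demo()
    print(f"distinct keys reachable with PID-only seeding: {size}")
    print(f"PID-only key found in enumerated set: {broken_hit}")
    print(f"properly seeded key found in enumerated set: {intact_hit}")
```

The enumeration finishes in well under a second, which is the whole problem: a key space small enough to list exhaustively is a key space an attacker can list too. A properly seeded pool gives the same check nothing to match against.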

The Cryptography Mailing List