[Pkg-gnutls-maint] Bug#489523: pidgin-otr: key generation uses too much entropy from /dev/random
Thibaut VARENE
varenet at debian.org
Thu Jul 10 15:20:29 UTC 2008
reassign 489523 pidgin-otr
tag 489523 pending
severity 489523 important
thanks
Re-reassigning, setting proper severity (after all it takes a
particular crafting of things to break keygen, most users didn't
complain!) and mark as pending, I'm gonna upload a package with
attached patch from Ian!
T-Bone
On Thu, Jul 10, 2008 at 5:01 PM, Ian Goldberg <ian at cypherpunks.ca> wrote:
> On Thu, Jul 10, 2008 at 10:46:20AM +0200, Thibaut VARENE wrote:
>> Hi Ian,
>>
>> Just in case you haven't seen this (I didn't receive it for some reason):
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489523#37
>>
>> HTH
>
> That *does* help! I didn't know about that command.
>
> Feel free to reassign the bug back to pidgin-otr, and apply this patch
> (which I've checked into CVS):
>
> --- otr-plugin.c 2 Jul 2008 18:33:09 -0000 1.21
> +++ otr-plugin.c 10 Jul 2008 12:42:44 -0000 1.22
> @@ -973,6 +973,11 @@
> otrg_dialog_set_ui_ops(otrg_gtk_dialog_get_ui_ops());
> #endif
>
> +#ifndef WIN32
> + /* Make key generation use /dev/urandom instead of /dev/random */
> + gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
> +#endif
> +
> /* Initialize the OTR library */
> OTRL_INIT;
>
>
>
> - Ian
>
More information about the Pkg-gnutls-maint
mailing list