[Pkg-nagios-devel] Bug#660585: [Secure-testing-team] Bug#660585: nagios-nrpe-server: again use secure RNG

Nico Golde nion at debian.org
Mon Feb 20 10:58:40 UTC 2012


Hi,
* Christoph Anton Mitterer <calestyo at scientia.net> [2012-02-20 10:05]:
> I've been just shocked when I went through the patches and saw that one removes
> the usage of /dev/urandom and replaces it by some weak seed.

I'm not sure if I can agree with you here. The fact that before the patch the 
code was using urandom doesn't necessarily make it more secure. Actually 
looking at the patch, the code was using a one character seed (0..255) as a 
random seed before. Please see 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333552

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
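
What a one-character seed (0..255) implies, shown as an added example that is not part of the original message or of the NRPE source: a deterministic generator seeded with one byte can only ever emit 256 different buffers, whatever the origin of that byte. The function names are hypothetical, and `srand()`/`rand()` are assumed stand-ins for whichever generator the code in question used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define STREAM_LEN 32

/* Assumed weak pattern (srand/rand are stand-ins): one seed byte drives all output. */
void fill_from_byte_seed(unsigned char seed, unsigned char *buf) {
    srand(seed);
    for (size_t i = 0; i < STREAM_LEN; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
}

/* Number of distinct buffers the weak pattern can ever produce (at most 256). */
int count_distinct_streams(void) {
    static unsigned char all[256][STREAM_LEN];
    int distinct = 0;
    for (int s = 0; s < 256; s++) {
        int dup = 0;
        fill_from_byte_seed((unsigned char)s, all[s]);
        for (int t = 0; t < s && !dup; t++)
            dup = memcmp(all[s], all[t], STREAM_LEN) == 0;
        distinct += !dup;
    }
    return distinct;
}

/* Audit check: seed that reproduces a buffer, or -1 if none of the 256 does. */
int find_byte_seed(const unsigned char *observed) {
    unsigned char trial[STREAM_LEN];
    for (int s = 0; s < 256; s++) {
        fill_from_byte_seed((unsigned char)s, trial);
        if (memcmp(trial, observed, STREAM_LEN) == 0) return s;
    }
    return -1;
}

/* Stronger pattern: take every output byte from the kernel CSPRNG. */
int fill_from_urandom(unsigned char *buf) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, STREAM_LEN, f);
    fclose(f);
    return got == STREAM_LEN ? 0 : -1;
}

int main(void) {
    unsigned char buf[STREAM_LEN];
    printf("distinct one-byte-seed streams: %d\n", count_distinct_streams());
    /* Exit 0 when a buffer read from urandom is not one of those streams. */
    return fill_from_urandom(buf) == 0 && find_byte_seed(buf) < 0 ? 0 : 1;
}
```

The count can come out below 256 on C libraries that map two seed values to the same internal state.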