[Pkg-nagios-devel] Bug#660585: [Secure-testing-team] Bug#660585: nagios-nrpe-server: again use secure RNG
Nico Golde
nion at debian.org
Mon Feb 20 10:58:40 UTC 2012
Hi,
* Christoph Anton Mitterer <calestyo at scientia.net> [2012-02-20 10:05]:
> I've been just shocked when I went through the patches and saw that one removes
> the usage of /dev/urandom and replaces it by some week seed.
I'm not sure if I can agree with you here. The fact that before the patch the
code was using urandom doesn't necessarily make it more secure. Actually
looking at the patch, the code was using a one character seed (0..255) as a
random seed before. Please see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333552
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20120220/1c124a31/attachment.pgp>
More information about the Pkg-nagios-devel
mailing list