[Pkg-openssl-devel] Bug#363516: explanation needed
Benoît Dejean
benoit at placenet.org
Wed May 14 09:11:35 UTC 2008
Hello, i have a few questions because the DSA isn't clear whether the
security problem is caused by Debian modification or by the fact that
openssl prng is very bad.
Does the whole openssl security rely on uninitialized memory ?
If yes isn't this bloody naive ?
Shouldn't openssl use /dev/random or stuff like this to get good entropy ?
Does Debian then advise to completely drop openssl because its PRNG is
seeded from uninitialized memory which is not guaranted to be random ?
Thanks.
--
Benoît Dejean <benoit at placenet.org>
More information about the Pkg-openssl-devel
mailing list