[Pkg-openssl-devel] Bug#363516: The actual change
Richard Kettlewell
rjk at greenend.org.uk
Wed May 14 09:44:03 UTC 2008
A couple of people have suggested I mention the change that was actually
made. These are the relevant URLs:
http://svn.debian.org/viewsvn/pkg-openssl?rev=141&view=rev
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&r1=140&r2=141
> Does the whole openssl security rely on uninitialized memory ?
>
> If yes isn't this bloody naive ?
>
> Shouldn't openssl use /dev/random or stuff like this to get good
> entropy ?
No openssl security does not "rely on uninitialized memory". Take a few
minutes to read the code.
ttfn/rjk
More information about the Pkg-openssl-devel
mailing list