[Pkg-openssl-devel] bad debian openssl and -rand option
Kurt Roeckx
kurt at roeckx.be
Thu May 22 17:25:48 UTC 2008
On Thu, May 22, 2008 at 06:59:15PM +0200, Kurt Roeckx wrote:
>
> The lists created for the openssl-vulnkey should contain keys for
> combinations of:
> - All PIDs (1 - 32767)
> - Presence of .rnd file (yes or no)
> - Machine endianness (little or big)
> - Word size (I think 32 and 64?)
>
> The effect of the -rand option is probably simular to the effect
> of the presence of the .rnd option. It adds something to the PRNG,
> but the result of that is predictable. There is no way that
> something random can get added to the PRNG. It's not because the
> blacklist doesn't contain the generated key that it's a good key.
I've just read that the existence of the .rnd file has different effects
depending on the version. So that might be an other reason why your key
is not in it.
I've also read that using -rand with a non-existing file also produces
something else.
Kurt
More information about the Pkg-openssl-devel
mailing list