tags 658700 + pending confirmed
thanks

Hi Toby,

On Sun, Feb 5, 2012 at 1:27 PM, Toby Speight <t.m.speight...@cantab.net> wrote:
> Package: libpam-usb
> Version: 0.5.0-1+tms1
> Severity: normal
> Tags: security, patch
>
> When creating pad files of "random" data, the randomness is quite small.
> For an attacker with a local account, the time of login and process id
> are quite easy to guess.  (Using the deterministic rand() generator to
> increase the length to 1024 bytes doesn't generate any extra randomness,
> so that's a red herring).  Being generous, there's probably 8-12 bits of
> entropy, from the point of view of a local adversary.
>
> This patch increases the entropy bits sizeof(int)*CHAR_BIT bits (i.e. 32
> bits where int is 32 bits), although it does nothing to deal with the
> false impression of security given by creating an 8192-bit file.

Thank you very much, your patch looks very good.
I'm going to apply it to git and then I'll upload it very soon.

Cheers!

-- 
Alessio Treglia          | www.alessiotreglia.com
Debian Developer         | ales...@debian.org
Ubuntu Core Developer    | quadris...@ubuntu.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A
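
The report's point that stretching a small seed with rand() adds no entropy, as an added example that is not part of this thread or of pam_usb's code. The function names and the way the seed is passed in are assumptions, and the /dev/urandom variant goes further than the patch described above by drawing every pad byte from the kernel.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAD_LEN 1024  /* pad size named in the report */

/* Weak scheme as the report describes it: a small seed stretched with rand().
 * How time and pid are mixed into the seed is not shown on the page, so the
 * seed is simply a parameter here (assumption). */
void pad_from_seed(unsigned int seed, unsigned char *pad)
{
    srand(seed);
    for (size_t i = 0; i < PAD_LEN; i++)
        pad[i] = (unsigned char)(rand() & 0xff);
}

/* Returns 1 if two pads built from the same seed are byte-identical, i.e.
 * the 8192-bit file carries no more entropy than the seed itself. */
int same_seed_same_pad(unsigned int seed)
{
    unsigned char a[PAD_LEN], b[PAD_LEN];
    pad_from_seed(seed, a);
    pad_from_seed(seed, b);
    return memcmp(a, b, PAD_LEN) == 0;
}

/* Hardened variant: every pad byte comes from the kernel CSPRNG.
 * Returns 0 on success, -1 on failure (the caller must not use the pad). */
int pad_from_urandom(unsigned char *pad)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(pad, 1, PAD_LEN, f);
    fclose(f);
    return n == PAD_LEN ? 0 : -1;
}

int main(void)
{
    unsigned char p[PAD_LEN], q[PAD_LEN];
    printf("same seed, same pad: %d\n", same_seed_same_pad(12345u));
    if (pad_from_urandom(p) || pad_from_urandom(q))
        return 1;
    printf("urandom pads differ: %d\n", memcmp(p, q, PAD_LEN) != 0);
    return 0;
}
```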


