On Mon, Apr 21, 2014 at 02:38:52AM +0100, Steven Chamberlain wrote: > > They've ripped out this whole PRNG now to use the one from their own libc: > > http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/rand/rand_lib.c.diff?r1=1.14;r2=1.15
And I think just a change like that might work on OpenBSD but will totally break security on all other OSes. OpenBSD documents that it will acutally regurally reseed it, and do so on fork(). There is no such documentation for Linux so I assume it doesn't. OpenBSD also replaced RC4 with ChaCha20, while Linux probably still uses RC4. We should stop using RC4. So this might be a good thing on OpenBSD, but it's not a good thing for something that needs to be portable. Kurt -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140421082106.ga31...@roeckx.be