Peter Gutmann wrote:
Ben Laurie <[EMAIL PROTECTED]> writes:
I must confess that I said that because I did not have the energy to figure
out the other routes to adding entropy, such as adding an int (e.g. a PID,
which I'm told still makes it in there).
So just to clarify, does the Debian patch only remove the ability to add
uninitialised memory (which will be all-zeroes anyway on an OS with proper
resource controls) or does it remove the ability to add any entropy at all?
The advisory makes it sound like it's the latter.
Indeed, it is the latter.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
