* Thorsten Glaser:

> Florian Weimer dixit:
>
>>I'd also see a change that limits the number of bytes which is read from
>>/dev/urandom (32 or fewer should be enough). I'm concerned about
>>looping shell scripts draining entropy from the pool at an unacceptably
>>high rate.
>
> For things like that, the OpenBSD and MirBSD kernels have /dev/arandom,
> which itself is also generated from arc4random(9). It's interesting that
> things like that haven't yet been picked up by other operating systems.

While this is arguably the correct fix (it also addresses the threading issue), it is not something we can roll out in a security update because it's unlikely to find its way into upstream kernels.