On Mon, 24 Nov 2008 10:07:18 -0800 (PST)
Nate Eldredge <[EMAIL PROTECTED]> mentioned:

> Upon reading this, my first question was whether the weakness applies to
> the random numbers supplied by /dev/random. If it does, then userspace has
> been getting non-random values, and things like PGP and SSH keys could be
> compromised. It might be good for secteam to clarify this, IMHO.
>

Userland applications are unaffected, ssh keys included. /dev/[u]?random
receives entropy from Yarrow, not from arc4random, and is fed with saved
entropy upon boot by /etc/rc.d/initrandom. Only kernel services that rely
on arc4random(9) are vulnerable.

-- 
Stanislav Sedov
ST4096-RIPE
