previously on this list Theo de Raadt contributed: > Do not feed RSA private key information to the random subsystem as > entropy. It might be fed to a pluggable random subsystem.... > > What were they thinking?!
My guess considering the reasoning for introducing exploit mitigation mitigation, would be something to do with being scared about embedded devices having little entropy but of course and pre-empting your reply.. in that case you probably can't trust the embedded device anyway as the dev should be considering entropy amongst many other things. I believe they decided to feed in RSA certs from connecting peers too in order to share Linux poor entropy and it may have come about as a secondary result of that without proper consideration on the basis of crappy vendors. This theory is just conjecture from past news items and not the openssl list or anything. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________ I have no idea why RTFM is used so aggressively on LINUX mailing lists because whilst 'apropos' is traditionally the most powerful command on Unix-like systems it's 'modern' replacement 'apropos' on Linux is a tool to help psychopaths learn to control their anger. (Kevin Chadwick) _______________________________________________________________________
