Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- Date: Wed, 14 May 2008 22:24:32 +0200
- From: "Steinar H. Gunderson" <sgunderson@xxxxxxxxxxx>
- Subject: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
On Wed, May 14, 2008 at 03:33:52PM -0400, Ivan Jager wrote: > I think that might depend on how not truly random the data is. For > example, suppose the pool is coded to simply xor the new entropy with the > pool. It's not -- it's hashed in using a cryptographic hash function. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to debian-devel-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- References:
- Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- From: BALLABIO GERARDO
- Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- From: David Härdeman
- Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- From: Ivan Jager
- Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- Prev by Date: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- Next by Date: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
- Previous by thread: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
- Next by thread: Re: Is openssl actually safe now?
- Index(es):