Date: Mon, 24 Nov 2008 10:07:18 -0800 (PST) From: Nate Eldredge <neldredge@math.ucsd.edu> To: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random Message-ID: <Pine.GSO.4.64.0811241001430.1597@zeno.ucsd.edu> In-Reply-To: <200811241747.mAOHlDSE034716@freefall.freebsd.org> References: <200811241747.mAOHlDSE034716@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Upon reading this, my first question was whether the weakness applies to the random numbers supplied by /dev/random. If it does, then userspace has been getting non-random values, and things like PGP and SSH keys could be compromised. It might be good for secteam to clarify this, IMHO. On Mon, 24 Nov 2008, FreeBSD Security Advisories wrote: > FreeBSD-SA-08.11.arc4random Security Advisory > The FreeBSD Project ... -- Nate Eldredge neldredge@math.ucsd.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.64.0811241001430.1597>