Julien Cristau wrote:
> Package: dtc-xen
> Version: 0.2.6-5
> Severity: important
> Tags: security
>
> Hi,
>
> dtc-xen creates an ssl certificate in its postinst, using
> "${RANDOM}${RANDOM}" as the passphrase. This is obviously insecure.
>
> Cheers,
> Julien
What do you suggest? Should I use mktemp to get the random values instead? Why is it insecure? Is ${RANDOM} predictable?

Thanks for reporting, I'll be learning something with this one.

Thomas
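An added example, not code from the bug report or from the dtc-xen package, showing why the reported generator is weak and what a postinst should do instead: draw the passphrase from the kernel CSPRNG and hand it to openssl through a root-only file rather than on the command line. The function names and the `key.pass` file name are my own choices.

```shell
# Weak: what the reported postinst does. $RANDOM is a 15-bit value (0..32767),
# so two of them yield at most 2^30 distinct strings, and fewer in practice
# because decimal concatenation collides ("1""23" and "12""3" both give "123").
# Older bash versions also seed $RANDOM from the time and PID, so the output
# is guessable by anyone who can estimate when the package was installed.
weak_passphrase() {
    printf '%s%s' "$RANDOM" "$RANDOM"
}

# Upper bound on the weak generator's key space, for comparison (2^30).
weak_space_size() {
    echo $((1 << 30))
}

# Strong: 32 bytes (256 bits) from /dev/urandom, hex-encoded so it is plain
# text. Uses only dd/od/tr, so it works under bash and POSIX sh alike.
strong_passphrase() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Write the passphrase to a mode-0600 file instead of passing it as an
# argument, where it would be visible to every user in `ps`. Prints the path.
# $1 is the directory to write into (assumed to exist and be root-owned).
write_passphrase_file() {
    f="$1/key.pass"
    ( umask 077; strong_passphrase > "$f" )
    chmod 600 "$f"
    echo "$f"
}

# Typical use from a postinst (openssl reads the passphrase from the file):
#   pf=$(write_passphrase_file /etc/dtc-xen)
#   openssl genrsa -aes256 -passout "file:$pf" -out /etc/dtc-xen/key.pem 2048
```

mktemp, as suggested in the reply, only creates a uniquely named file and gives no cryptographic randomness, so it does not address the report.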