Julien Cristau wrote:
> Package: dtc-xen
> Version: 0.2.6-5
> Severity: important
> Tags: security
> 
> Hi,
> 
> dtc-xen creates an ssl certificate in its postinst, using
> "${RANDOM}${RANDOM}" as the passphrase.  This is obviously insecure.
> 
> Cheers,
> Julien

What do you suggest? Should I use mktemp to get the random values
instead? Why is it insecure? Is ${RANDOM} predictable?

Thanks for reporting, I'll be learning something with this one.

Thomas
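
Added example, not part of the original messages and not dtc-xen's code: in bash each $RANDOM is an integer from 0 to 32767 produced by a seeded generator, so "${RANDOM}${RANDOM}" has at most 2^30 possible values and repeats for a repeated seed. The sketch shows that next to a passphrase read from /dev/urandom; all function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from dtc-xen.

# Upper bound on distinct "${RANDOM}${RANDOM}" strings in bash:
# each $RANDOM is 15 bits (0..32767), so two of them give at most 2^30.
# Decimal concatenation collides ("1"+"23" == "12"+"3"), so the real
# number of distinct strings is smaller still.
weak_keyspace() {
    echo $((32768 * 32768))
}

# In bash, assigning to RANDOM seeds the generator, and the same seed
# replays the same sequence. Returns 0 when the weak passphrase repeats.
weak_is_replayable() {
    RANDOM=12345; first="${RANDOM}${RANDOM}"
    RANDOM=12345; second="${RANDOM}${RANDOM}"
    [ "$first" = "$second" ]
}

# Hardened form: 32 bytes (256 bits) from the kernel CSPRNG, hex-encoded
# so the result is safe to store in a file or pass through a pipe.
strong_passphrase() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Store the passphrase in a file readable only by its owner, so it never
# appears in a process argument list. openssl can read a pass phrase
# from such a file through its "file:" pass phrase source.
write_passphrase_file() {
    ( umask 077; strong_passphrase > "$1" )
}
```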


