-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Julien Cristau wrote:
> Package: dtc-xen
> Version: 0.2.6-5
> Severity: important
> Tags: security
>
> Hi,
>
> dtc-xen creates an ssl certificate in its postinst, using
> "${RANDOM}${RANDOM}" as the passphrase. This is obviously insecure.
>
> Cheers,
> Julien
What do you suggest? Should I use mktemp to get the random values
instead? Why is it insecure? Is ${RANDOM} predictable?
Thanks for reporting, I'll be learning something with this one.
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF9PRYl4M9yZjvmkkRAjVRAJwP1NZeXCk33KJ5XV0eGmIg7m9VdACfXtiK
KarW/8m3XssOZgKKWvbYQKc=
=iUzt
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
