Hi, * Christoph Anton Mitterer <cales...@scientia.net> [2012-02-20 10:05]: > I've been just shocked when I went through the patches and saw that one > removes > the usage of /dev/urandom and replaces it by some week seed.
I'm not sure if I can agree with you here. The fact that before the patch the code was using urandom doesn't necessarily make it more secure. Actually looking at the patch, the code was using a one character seed (0..255) as a random seed before. Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333552 Kind regards Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpvivDdi49Sg.pgp
Description: PGP signature
