2008/5/14 BALLABIO GERARDO <[EMAIL PROTECTED]>: > However I wonder, is the pristine behavior correct? As far as I know, it > is NOT justified at all to rely on the assumption that uninitialized > memory contains random data. I read that many architectures reset it to > some magic number, e.g., 0xdeadbeef. Is that correct? > > If so, and if that was the ONLY entropy source used in generating keys, > then upstream openssl is (and has always been) just as broken as the > patched Debian package. While if it was only used in addition to other > sources, all this is probably a non-issue.
I wonder if there could be some tool that created a big amount of random keys and statistically check that the system was working propely. Any chance of a tool like that can exist? Miry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
