Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

To: debian-devel@lists.debian.org
Subject: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Date: Wed, 14 May 2008 22:24:32 +0200
Message-id: <[🔎] 20080514202432.GA8767@uio.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.64-044.0805141455350.5371@unix33.andrew.cmu.edu>
References: <[🔎] 53F5051F689FD84AB8A2A5A27BE251958599BA@se000010010046.servinternet.local> <[🔎] 46684.145.64.134.222.1210756659.squirrel@www.hardeman.nu> <[🔎] Pine.LNX.4.64-044.0805141455350.5371@unix33.andrew.cmu.edu>

On Wed, May 14, 2008 at 03:33:52PM -0400, Ivan Jager wrote:
> I think that might depend on how not truly random the data is. For  
> example, suppose the pool is coded to simply xor the new entropy with the 
> pool.

It's not -- it's hashed in using a cryptographic hash function.

/* Steinar */
-- 
Homepage: http://www.sesse.net/

Reply to:

References:
- Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
  - From: BALLABIO GERARDO <GERARDO.BALLABIO@mpsgr.it>
- Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
  - From: David Härdeman <david@hardeman.nu>
- Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
  - From: Ivan Jager <aij+debian@andrew.cmu.edu>

Prev by Date: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
Next by Date: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Previous by thread: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
Next by thread: Re: Is openssl actually safe now?
Index(es):
- Date
- Thread