[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

On Wed, May 14, 2008 at 03:33:52PM -0400, Ivan Jager wrote:
> I think that might depend on how not truly random the data is. For  
> example, suppose the pool is coded to simply xor the new entropy with the 
> pool.

It's not -- it's hashed in using a cryptographic hash function.

/* Steinar */
Homepage: http://www.sesse.net/

Reply to: