Re: dowkd.pl - how the blacklist data is generated ?

To: Alexandre Dulaunoy <adulau@foo.be>
Cc: debian-security@lists.debian.org
Subject: Re: dowkd.pl - how the blacklist data is generated ?
From: nicolas vigier <boklm@mars-attacks.org>
Date: Thu, 15 May 2008 01:49:57 -0400
Message-id: <[🔎] 20080515054957.GA13221@mars-attacks.org>
In-reply-to: <[🔎] 1baa801f0805140526k4f4d2e65u7b9fac8be61dc727@mail.gmail.com>
References: <[🔎] 1baa801f0805140526k4f4d2e65u7b9fac8be61dc727@mail.gmail.com>

On Wed, 14 May 2008, Alexandre Dulaunoy wrote:

> Hi,
> 
> For my understanding, the black list in the dowkd.pl is generated
> from the potential remaining entropy source which seems to be
> only the PID value added in the pool.
> 
> Could we have some false negative[1] when running the dowkd script ?
> and would it possible to have the source code of the "black list
> generator" application
> (especially to see the endianness effect on some arch) ?
> 
> Thanks a lot for any info,

I don't know how dowkd script was generated, but there are some tools on
this page to generate all the possibles keys :
http://metasploit.com/users/hdm/tools/debian-openssl/

Nicolas

Reply to:

References:
- dowkd.pl - how the blacklist data is generated ?
  - From: "Alexandre Dulaunoy" <adulau@foo.be>

Prev by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by Date: Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions
Previous by thread: dowkd.pl - how the blacklist data is generated ?
Next by thread: leakage of keys?
Index(es):
- Date
- Thread