
Re: openssl-blacklist & two keys per one pid



Jamie Strandboge wrote:
I discovered that there is also a 3rd key, which you get if you pass an empty file via -rand. Keys created in this way are still the same, so it's another possible compromised key. I'm not sure if it is worth spending time on counting these keys...

Empty files vs non-existent result in the same key here.


http://pocitace.tomasek.cz/debian-randomness/

Check out the Demonstration section. I am not speaking about a non-existent .rnd, which is created after the first call. I am speaking about any other non-existent file specified by the -rand option. That produces a third key. But as I said before, I do not expect users to use it in this very stupid way.

What is your 3rd architecture? On the Ubuntu pages I see only the PC (Intel x86) desktop CD and the 64-bit PC (AMD64) desktop CD.

powerpc/sparc. It's in ports and not an officially supported
architecture anymore.

I see. I've taken your Ubuntu blacklists and compared them against certs issued by our CA; none of the users were using those rare platforms. Only 32-bit and 64-bit Intel compatible. But it is good to have them anyway.

--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
