Re: Paper on potential security issues with the linux kernel PRNG
* Michael S. Gilbert:
> I just came across a reference [1] on potential flaws in the linux
([1] is based on Linux 2.6.10.)
> kernel PRNG (Pseudo-Random Number Generator). Does anyone know if
> CVE's have been issued for these problems and/or whether they have been
> fixed either upstream or in debian? If not, someone should issue
> requests for CVE's. Thanks for any thoughts.
The German Federal Office for Information Security, BSI, has reviewed
the /dev/random PRNG in the Linux 2.6.21.5 version and recommends its
use (BSI TR-02102, version 1.0, published 2008-06-20). I suppose this
means the flaws you referred to are no longer present or not practically
relevant, but I haven't read the code myself.