tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Debian OpenSSL desaster (was: Patch: new random pseudodevice)

[I tried to send this as private mail, but get

host Sparkle-4.Rodents-Montreal.ORG[] refused to talk to me:'s whois server,, is completely broken, handing
550-out no contact information at all when queried for .de domains in
550 the usual way.  Such a domain has no place on a civilized network.

I don't know what this is about and why it hinders anybody from accepting my 
I also don't know whether whoever put this in place assumes me to be in a 
position to influence Denic's behaviour. Or suggests me moving to another 
country where my employer doesn't reside under the .de domain. Or me using 
another special email address for communicating with people in his domain.]

> I don't recall full details, but I think it was a Linux distro
It was the Debian OpenSSL desaster. In essence, they patched OpenSSL's entropy 
gathering to the point where the PID was the only entropy source being used. So 
it generated as many different private keys as there were PIDs it could run 
under, which is 2^16-n, n>1.

Home | Main Index | Thread Index | Old Index