tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption



On Sat, Mar 03, 2012 at 11:57:39PM -0500, Thor Lancelot Simon wrote:
> 
> Using less entropy while providing better security cannot possibly be
> a bad thing, no matter what platform you're on.

To be clear, when I say "better security" I refer specifically to
the OpenBSD-specific hack in OpenSSL that keys the OpenSSL RNG with
nothing but arc4random() output.  Other platforms do not have this
issue.

Thor


Home | Main Index | Thread Index | Old Index