Cryptographic weakness on Debian systems
Posted May 13, 2008 17:01 UTC (Tue) by pharm
In reply to: Cryptographic weakness on Debian systems
Parent article: Cryptographic weakness on Debian systems
My thinking is that it might
actually not be uninitialized data at all, but is instead the content handed over by a part of
the interface for SSL random number pool that actually accept random data and add them to the
pool, i.e., most of the "real" randomness available.
Which makes perfect sense, except that I don't understand why purify & valgrind would
about it in that case. Oh well. No doubt all will become clear eventually & I don't have time to
down the logic right now...
to post comments)