Re: How regularly is the GnuPG source code examined?
From: Francois Grieu (fgrieu_at_francenet.fr)
Date: 09/28/05
- Next message: donstockbauer_at_hotmail.com: "Re: Hey Stopids, why does color change?"
- Previous message: Jor-El: "Re: Hey Stopids, why does color change?"
- In reply to: David Wagner: "Re: How regularly is the GnuPG source code examined?"
- Next in thread: David Wagner: "Re: How regularly is the GnuPG source code examined?"
- Reply: David Wagner: "Re: How regularly is the GnuPG source code examined?"
- Reply: Scott A Crosby: "Re: How regularly is the GnuPG source code examined?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Sep 2005 17:06:22 +0200
daw@taverner.cs.berkeley.edu (David Wagner) kindly pointed
http://lwn.net/2000/0525/a/pgp5.html
where we learn that PGP 5.0i for Unix flavours (including
Linux and FreeBSD) once contained
RandBuf = read(fd, &RandBuf, count);
[at a location where reportedly it so happens that count==1]
instead of
(void) read(fd, &RandBuf, 1);
which is expected to read 1 byte from fd, previously set
to /dev/random. First version set Randbuf to 1.
I leave it to the source to state the circumstances when
this creates a security issue.
Nice story. Dunno how to conclude, except that "true random"
sources should be carefully tested, both before and after
any postprocessing/debiasing.
François Grieu
- Next message: donstockbauer_at_hotmail.com: "Re: Hey Stopids, why does color change?"
- Previous message: Jor-El: "Re: Hey Stopids, why does color change?"
- In reply to: David Wagner: "Re: How regularly is the GnuPG source code examined?"
- Next in thread: David Wagner: "Re: How regularly is the GnuPG source code examined?"
- Reply: David Wagner: "Re: How regularly is the GnuPG source code examined?"
- Reply: Scott A Crosby: "Re: How regularly is the GnuPG source code examined?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
