From: Christoph B. <bar...@or...> - 2008-05-14 07:40:47
On Wednesday, 14 May 2008, Dirk Stoecker wrote:
> After I read the rants against Debian, I ask myself why not one of the
> OpenSSL authors actually agreed, that taking uninitialised memory is no
> good idea (as it is in no way random). They should have replaced that code
> long ago by better randomness.

The OpenSSL authors do the right thing:

1. They do not depend on the memory randomness. It is just an additional source to many other real random sources.
2. Uninitialized memory does not help for randomness but it also does not hurt.
3. OpenSSL offers a compilation macro (PURIFY) to disable usage of uninitialized memory. This should pacify valgrind for all people that have to debug their applications.

Christoph