|
From: Tom H. <to...@co...> - 2008-05-14 08:33:23
|
In message <e2e...@ma...>
Bart Van Assche <bar...@gm...> wrote:
> On Wed, May 14, 2008 at 10:13 AM, Erik de Castro Lopo
> <eri...@me...> wrote:
>> Christoph Bartoschek wrote:
>>> 2. Uninitialized memory does not help for randomness but it also does not
>>> hurt.
>>
>> True.
>
> If uninitialized memory does not help for randomness, why was leaving
> out uninitialized memory as a randomness source considered to be a
> security hole ? See also http://lwn.net/Articles/281901/.
It wasn't, but they also took out another (identical) line of code
that was actually adding genuine random (and initialised) data at
the same time.
Tom
--
Tom Hughes (to...@co...)
http://www.compton.nu/
|