Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  
AuthorAll Replies


deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE

reply to BeesTea
Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

Thanks for the info.

Just stumbled upon this. Interesting point, not sure I entirely agree with it. But certainly in this case the author makes a good point.
--
»hillaryis404.org/
to forum · permalink · · 2008-05-13 10:39:05 · Reply to this


Cabal
Premium
join:2007-01-21
Boston, MA
quote:
Usually it is bad to have any kind of dependency on uninitialised memory, but OpenSSL happens to include a rare case when its OK, or even a good idea: its randomness pool. Adding uninitialised memory to it can do no harm and might do some good, which is why we do it.
I know people hate to comment their code, but maybe intentionally using uninitialized memory would be a good opportunity for that sort of thing.
--
Interested in open source engine management for your Subaru?
to forum · permalink · · 2008-05-13 11:12:03 · Reply to this


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
said by Cabal See Profile :

I know people hate to comment their code, but maybe intentionally using uninitialized memory would be a good opportunity for that sort of thing.
Funny you should mention that
to forum · permalink · · 2008-05-13 11:37:16 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Thursday, 03-Dec 11:05:04 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [162] Comcast Releasing Promised Usage Meter
· [118] Avast Antivirus Has Gone Mad
· [103] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [80] Latest Consumer Reports Survey Not Kind To AT&T
· [70] Baltimore To Ban Lazy Cable Installs
· [63] Broadband Killed The Game Console
· [55] Rogers Unveils The ISP Dream Model
· [47] ACTA: Global Three Strikes
· [44] Comcast Makes NBC Universal Acquisition Official
· [42] Cable Industry's 'Adoption Plus': Altruism Or PR Stunt?
Most people now reading
· False positive in Avast! or is it real? [Security]
· [Rant] Disrespect of PTO [Rants, Raves, and Praise]
· [TWC] Audio/Video outage in Brooklyn [Time Warner Cable TV/Voice]
· Quality/longevity of 15A 120V receptacles [Home Repair & Improvement]
· Many Sites Unreachable [Rogers]
· outdoor to indoor conduit power run [Home Repair & Improvement]
· [WotLK] Doing away w/ conquest? [World of Warcraft]
· ICC Strats??? [World of Warcraft]
· crack in trane xe80 heater exchange? [Home Repair & Improvement]
· [Newsgroups] Newzleech down? [Filesharing Software]