|
|
|
|
|
|
by meowface
706 days ago
|
|
|
Ouch, that one's bad: https://github.com/g0tmi1k/debian-ssh#the-bug >These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only "random" value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations. |
|
|