by quasque
4406 days ago
> Linux security was significantly reduced at one point because somebody changed int i to int i=0
Could you please elaborate on this one?
2 comments
SoftwareMaven
4406 days ago
It's been a while. I should have restricted it to Debian:
http://jblevins.org/log/ssh-vulnkey
nikbackm
4406 days ago
Seems to me they relied on the uninitialized memory of a stack variable as a partial source of randomness for key generation.
Initializing the variable with 0 removed that part.
quasque
4406 days ago
Your explanation makes sense. Though I'm still curious as to when this happened and what the impact was.