BugTraq
Ubuntu: reseed(8), random.org, and HTTP request Jul 06 2011 04:04AM
Jeffrey Walton (noloader gmail com) (3 replies)
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Jul 06 2011 07:41PM
Michal Zalewski (lcamtuf coredump cx) (1 replies)
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Jul 06 2011 07:42PM
Michal Zalewski (lcamtuf coredump cx)
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Jul 06 2011 01:06PM
Jamie Strandboge (jamie canonical com)
On Wed, 2011-07-06 at 00:04 -0400, Jeffrey Walton wrote:
> Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
> script is run when the package installed, and anytime su executes the
> script.
>
> reseed(8) performs a unsecured HTTP request to random.org for its
> bits, despite random.org offering HTTPS services.

Ubuntu's response can be found in the bug:
https://launchpad.net/bugs/804594

--
Jamie Strandboge | http://www.canonical.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJOFF3NAAoJEFHb3FjMVZVzluUP/31+YipZvWu4sxPWnRjL/CFA
maX7pqXYCOp0CMGKw6Ph/bxC7bEjhcKz68jqZYWa9030S0fMWpt54hNOyV1kdphW
Bf4W3fosS/gyTFEPd2dNKSw01eZHjoLymmFj8O92cVlh7M1Ku8r3IEungYsbp8ws
9825SDUmmArY1A+tPhac2+4E1RemBAB69jLHfLdXWzeNrxvOlFcso8OQDvwctJOp
XhihaHkzo9Ugg26GEvFVj7yrFuVavOsPDWhYbTXMQUfOy2thaN45Njuf0mAqpGac
lhP8HIwFaLeptydu8RcBUwiavgvg1w+osMFwbDaR2fYd3ySsQE2YgY5qT7crmbY6
v4nz3H77ODw6bfaYxIQ6SfJMOsQsUS9pp1NI4eftJZW4aHKSTiXm9PTLEmT7c5dx
IECX1mADFBERHdvQHo5GKaGLxFqLv7UyuXFwg8v7O9xfHFHn7UbEFPm1pG8C521K
MyHDO3moSSCMRpSfcPQ+ish9NtFxbGORfRitGbkj2QEzUsgH/aYN/oiwkJgP9AwG
K71U9bFrqPqqUKqzzYhSEPNIzHvteSlmFlLYxzMK4evOPpJETzuttE8g+yWPRJY4
Zl6OPx6PICL2D4aSCvLK/phH6PoziuMltQkdJe7tjQx0hMvhw5+f5/3nLR8C9ZC4
7ohXOzERwCc7hcoTqT9e
=N8E9
-----END PGP SIGNATURE-----

[ reply ]
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Jul 06 2011 07:23AM
coderman (coderman gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus