Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP
--=-WJY20889K/I3tz4XE+Zs
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
On Wed, 2011-07-06 at 00:04 -0400, Jeffrey Walton wrote:
> Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
> script is run when the package installed, and anytime su executes the
> script.
>=20
> reseed(8) performs a unsecured HTTP request to random.org for its
> bits, despite random.org offering HTTPS services.
Ubuntu's response can be found in the bug:
https://launchpad.net/bugs/804594
--=20
Jamie Strandboge | http://www.canonical.com
--=-WJY20889K/I3tz4XE+Zs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOFF3NAAoJEFHb3FjMVZVzluUP/31+YipZvWu4sxPWnRjL/CFA
maX7pqXYCOp0CMGKw6Ph/bxC7bEjhcKz68jqZYWa9030S0fMWpt54hNOyV1kdphW
Bf4W3fosS/gyTFEPd2dNKSw01eZHjoLymmFj8O92cVlh7M1Ku8r3IEungYsbp8ws
9825SDUmmArY1A+tPhac2+4E1RemBAB69jLHfLdXWzeNrxvOlFcso8OQDvwctJOp
XhihaHkzo9Ugg26GEvFVj7yrFuVavOsPDWhYbTXMQUfOy2thaN45Njuf0mAqpGac
lhP8HIwFaLeptydu8RcBUwiavgvg1w+osMFwbDaR2fYd3ySsQE2YgY5qT7crmbY6
v4nz3H77ODw6bfaYxIQ6SfJMOsQsUS9pp1NI4eftJZW4aHKSTiXm9PTLEmT7c5dx
IECX1mADFBERHdvQHo5GKaGLxFqLv7UyuXFwg8v7O9xfHFHn7UbEFPm1pG8C521K
MyHDO3moSSCMRpSfcPQ+ish9NtFxbGORfRitGbkj2QEzUsgH/aYN/oiwkJgP9AwG
K71U9bFrqPqqUKqzzYhSEPNIzHvteSlmFlLYxzMK4evOPpJETzuttE8g+yWPRJY4
Zl6OPx6PICL2D4aSCvLK/phH6PoziuMltQkdJe7tjQx0hMvhw5+f5/3nLR8C9ZC4
7ohXOzERwCc7hcoTqT9e
=N8E9
-----END PGP SIGNATURE-----
--=-WJY20889K/I3tz4XE+Zs--