[Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

[Christoph Martin]

Dirk-Willem van Gulik schrieb:
> 
> On May 20, 2008, at 10:41 PM, Christoph Martin wrote:
> 
>> Hi Dirk-Willem,
>>
>> Dirk-Willem van Gulik schrieb:
>>> Christoph - will be posting below to debian-security sometime later
>>> today as I am in the middle of check if we move this to a more proper
>>> place. But wanted to give you a heads up - if that helps.
>>
>> Thanks for your input. Please be aware that I just created a svn
>> repository on alioth:
>> svn+alioth://svn.debian.org/svn/pkg-openssl/openssl-blacklist
>>
>> At the moment there is only the basic package from ubuntu.

> Note that I'll leave the tool making for now - just will be focusing on
> getting the actual moduli as complete as possible; and leave the
> generation of shortened derivatives like [1] or the even shorter
> versions made by [2] to the tool makers.
> 
> I am more focused on getting known and verifiable input to create '1'.

That woold be very good. I tried to find this out myself but did not yet
find the correct information.

> 1:http://svn.debian.org/viewsvn/pkg-openssl/openssl-blacklist/trunk/blacklist.RSA-1024
> 
> 2:http://svn.debian.org/viewsvn/pkg-openssl/openssl-blacklist/trunk/debian/rules

Christoph

-- 
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin at Verwaltung.Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20080521/6ad226f3/attachment.pgp