On Wed, May 28, 2008 at 08:01:11PM +0200, Ger Hobbelt wrote:
> Anything (such as passwords) which has been used on an *actual*
> 'compromised box' (be it one of 'those Debian' releases or otherwise)
> to _generate_ keys plus any keys _produced_ on such a compromised box
> must be eradicated and are not allowed entry. Anything derived from
> them will be lost or must be re-encrypted/re-created on a 'good
> system'.
> [...]

That's a pretty interesting thought process. I should probably write
about some of those scenarios.

For those who are interested in a discussion of proper RNG behavior,
see the section in my online book, here:

http://www.subspacefield.org/security/security_concepts.html#tth_sEc21

-- 
Crypto ergo sum. https://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.