log☇︎
17 entries in 0.962s
asciilifeform: re : 'difficult for changes to be inserted unnoticed' -- did they ever even pin a name on the debian rng lulz ?
a111: 14 results for "debian rng", http://btcbase.org/log-search?q=debian%20rng
asciilifeform: !#s debian rng
ben_vulpes: the debian rng bug is a good example of hosed RNGs, that's a fine place to start
asciilifeform: since the debian incident, enemy stepped up the 'NOBUS' crapola; no noar '32768 possible keys, total', instead things moar in the spirit of http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg
mircea_popescu: leaking rng quality is more of a concern for debian/prngs.
asciilifeform: i ran into it when trying to replicate the classical 'dead rng' debian setup
asciilifeform: lol debian rng
a111: Logged on 2016-11-17 16:02 Framedragger: in fact.. due to https://hdm.io/tools/debian-openssl/ correctly pointing out that "This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.", someone should attempt botnet-brute-login to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys.
Framedragger: in fact.. due to https://hdm.io/tools/debian-openssl/ correctly pointing out that "This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.", someone should attempt botnet-brute-login to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys. ☟︎
Framedragger: http://log.mkj.lt/trilema/20161117/#508 << someone with time on their hands should write script to attempt logins at all of these with rng-fucked ssh keys (available at https://hdm.io/tools/debian-openssl/ i think though did not check, or re-gen themselves, shouldnt be hard)!
asciilifeform: is the question specifically concerning the buggy debian rng ?
BingoBoingo: ;;google debian rng 2006
PinkPosixPXE: ignore the debian portion, rng-tools is something most OS's should have available
assbot: Helping The Random Number Generator To Gain Enough Entropy With rng-tools (Debian Lenny) | HowtoForge - Linux Howtos and Tutorials
PinkPosixPXE: http://www.howtoforge.com/helping-the-random-number-generator-to-gain-enough-entropy-with-rng-tools-debian-lenny
BingoBoingo: God is actually just the old Debian RNG flaw, n always ===== 6