Full Disclosure: Re: Ubuntu: reseed(8), random.org, and HTTP request

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

Re: Ubuntu: reseed(8), random.org, and HTTP request

From: Jamie Strandboge <jamie () canonical com>
Date: Wed, 06 Jul 2011 08:06:21 -0500

On Wed, 2011-07-06 at 00:04 -0400, Jeffrey Walton wrote:

Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
script is run when the package installed, and anytime su executes the
script.

reseed(8) performs a unsecured HTTP request to random.org for its
bits, despite random.org offering HTTPS services.


Ubuntu's response can be found in the bug:
https://launchpad.net/bugs/804594

-- 
Jamie Strandboge             | http://www.canonical.com

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Ubuntu: reseed(8), random.org, and HTTP request Jeffrey Walton (Jul 06)
- Re: Ubuntu: reseed(8), random.org, and HTTP request coderman (Jul 06)
  - Re: Ubuntu: reseed(8), random.org, and HTTP request Jeffrey Walton (Jul 06)
    - Re: Ubuntu: reseed(8), random.org, and HTTP request Jonathan Le Vigouroux (Jul 06)
    - Re: Ubuntu: reseed(8), random.org, and HTTP request Jeffrey Walton (Jul 06)
- Re: Ubuntu: reseed(8), random.org, and HTTP request Jamie Strandboge (Jul 06)
- Re: Ubuntu: reseed(8), random.org, and HTTP request Michal Zalewski (Jul 06)
  - Re: Ubuntu: reseed(8), random.org, and HTTP request Michal Zalewski (Jul 06)