Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

+ - LibreSSL PRNG Vulnerability Patched ->

Submitted by msm1267
msm1267 (2804139) writes "The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator (PRNG).

The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a “catastrophic failure of the PRNG.”

OpenBSD founder Theo de Raadt and developer Bob Beck, however, countered saying that the issue is “overblown” because Ayer’s test program is unrealistic. Ayer’s test program, when linked to LibreSSL and made two different calls to the PRNG, returned the exact same data both times.

“It is actually only a problem with the author’s contrived test program,” Beck said. “While it’s a real issue, it’s actually a fairly minor one, because real applications don’t work the way the author describes, both because the PID (process identification number) issue would be very difficult to have become a real issue in real software, and nobody writes real software with OpenSSL the way the author has set this test up in the article.”"

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

LibreSSL PRNG Vulnerability Patched

Comments Filter:

If mathematically you end up with the wrong answer, try multiplying by the page number.

Working...