20 Dec
2013
20 Dec
'13
12:32 p.m.
On Mon, Dec 16, 2013 at 7:27 PM, coderman <coderman@gmail.com> wrote:
... "what is affected??"
fortunately impacts are less than anticipated! nickm devised most concise fix: RAND_set_rand_method(RAND_SSLeay()); always after ENGINE_load_builtin_engines(). https://gitweb.torproject.org/tor.git/commitdiff/7b87003957530427eadce36ed03... --- full write up is here including a BADRAND engine patch for testing: https://peertech.org/goodrand --- last but not least, notable omissions on NSA role in reqs for random number sources in Appendix E: US Government Role in Current Encryption Standards.: http://cryptome.org/2013/12/nsa-usg-crypto-role.pdf can we get a do-over?