dowkd.pl - how the blacklist data is generated ?

5 msg	DSA/DSS keys and DSA 1576-1/CVE-2008-0166.
2 msg	openssl/openssh fixes for lenny (testing)
2 msg	openssl / x509 certs
2 msg	leakage of keys?

dowkd.pl - how the blacklist data is generated ?
\ Alexandre Dulaunoy (14 May 2008)
. \ nicolas vigier (14 May 2008)

9 msg	Re: [SECURITY] [DSA 1576-1] New openssh package...
4 msg	dowkd.pl via Package
1 msg	CHAO BAN
48 msg	Re: [SECURITY] [DSA 1571-1] New openssl package...
4 msg	Broken link on Debian CVE Web page (Was: [SECUR...
11 msg	Re: [SECURITY] [DSA 1571-1] New openssl package...
3 msg	Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 pa...
1 msg	Mystery of Lyle & Louise is Making Headlines
1 msg	Herr Bühler Arbeite nicht mehr bei der V-ZUG AG
5 msg	Re: [SECURITY] [DSA 1573-1] New php5 packages f...
4 msg	Re: [SECURITY] [DSA 1572-1] New php5 packages f...
3 msg	Question about Security
37 msg	securing server
1 msg	Re: [SECURITY] [DSA 1570-1] New kazehakase pack...
2 msg	Re: [SECURITY] [DSA 1569-1] New cacti packages ...

Subject:	dowkd.pl - how the blacklist data is generated ?
Group:	Debian-security
From:	Alexandre Dulaunoy
Date:	14 May 2008

Hi,

For my understanding, the black list in the dowkd.pl is generated
from the potential remaining entropy source which seems to be
only the PID value added in the pool.

Could we have some false negative[1] when running the dowkd script ?
and would it possible to have the source code of the "black list
generator" application
(especially to see the endianness effect on some arch) ?

Thanks a lot for any info,

adulau

[1] false positive is not an issue but an advantage. As regenerating keys
in this case is a good idea ;-)

--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov

--
To UNSUBSCRIBE, email to debian-security-REQUEST
with a subject of "unsubscribe". Trouble? Contact listmaster