[Swan-dev] Question on get_cookie() code
paul at nohats.ca
Thu Jan 7 15:41:10 UTC 2016
On Thu, 7 Jan 2016, Andrew Cagney wrote:
> Surely, if our FIPS certified random pool is leaking information we've
> a bigger problem.
Yes, hence my "extra paranoid" remark :)
> (any attempt to deplete the entropy pool, should, as a side effect, feed it).
That might also give the attack a spoon to stir the cauldron in ways
that would benefit them. Double edge sword :)
More information about the Swan-dev