[Swan-dev] Question on get_cookie() code

Paul Wouters paul at nohats.ca
Thu Jan 7 15:41:10 UTC 2016


On Thu, 7 Jan 2016, Andrew Cagney wrote:

> Surely, if our FIPS certified random pool is leaking information we've
> a bigger problem.

Yes, hence my "extra paranoid" remark :)

> (any attempt to deplete the entropy pool, should, as a side effect, feed it).

That might also give the attack a spoon to stir the cauldron in ways
that would benefit them. Double edge sword :)

Paul


More information about the Swan-dev mailing list