quasque
11y ago
> Linux security was significantly reduced at one point because somebody changed `int i` to `int i=0`
Could you please elaborate on this one?
SoftwareMaven
11y ago
It's been a while. I should have restricted it to Debian:
http://jblevins.org/log/ssh-vulnkey
nikbackm
11y ago
Seems to me they relied on the uninitialized memory of a stack variable as a partial source of randomness for key generation.
Initializing the variable with 0 removed that part.
quasque
OP
11y ago
Your explanation makes sense. Though I'm still curious as to when this happened and what the impact was.