undefined | Better HN

0 pointsquasque12y ago0 comments

> Linux security was significantly reduced at one point because somebody changed int i to int i=0

Could you please elaborate on this one?

0 comments

3 comments · 2 top-level

nikbackm12y ago· 1 in thread

Seems to me they relied on the uninitialized memory of a stack variable as a partial source of randomness for key generation.

Initializing the variable with 0 removed that part.

quasqueOP12y ago

Your explanation makes sense. Though I'm still curious as to when this happened and what the impact was.

It's been a while. I should have restricted it to Debian: http://jblevins.org/log/ssh-vulnkey

j / k navigate · click thread line to collapse