[OTR-users] Debian OpenSSL weak PRNG - OTR vulnerable?

Jean-Baptiste Zeller esurnir at gmail.com
Sat May 17 00:27:02 EDT 2008


Gregory Maxwell wrote:
> Some sort of statement should probably be made about the security of
> user identities with respect to the recently uncovered issue with
> Debian's patches to OpenSSL.
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
OTR don't use a single line of code from OpenSSL, the prng used is based 
on the libgcrypt library, which isn't concerned as far as I know.

So I guess we can sleep well now that it's covered.

Jean-Baptiste Zeller

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20080517/c7c5a93a/attachment.pgp>


More information about the OTR-users mailing list