Richard Storm wrote:
> Is openbsd bind vulnerable to attacks on binds PRNG
described here:
> http://www.securiteam.com/securitynews/5VP0L0UM0A.html
A glance at the README.OpenBSD file for 4.1 in
/usr/src/usr.sbin/bind
shows (among other things):
- add LCG (Linear Congruential Generator) implementation to
libisc
- use LCG instead of LFSR for ID generation until LFSR is
proven reliable
- strlcpy/strlcat/snprintf fixes
Without digging into things deeper, it looks like this is
unlikely to
be an issue since the OBSD version doesn't rely on LFSR.
--
http://www.memetrics.com
-
Multivariate testing with Memetrics xOs.
Landing page optimization, design & consulting.
|