Hacker News new | past | comments | ask | show | jobs | submit login

How catastrophic is this compared to the old Debian weak key issue?



It sounds about the same, with differences being that it would affect anything that uses kernel randomness (Debian's problem "only" affected code that used OpenSSL's CSPRNG) and it didn't make it into a release (Debian's was out in the wild for a couple of years before being discovered).

In short, I think it's a bit worse if you're actually vulnerable, but vulnerable systems will be much more rare.


If this ever actually got out into -RELEASE or -STABLE then it'd be catastrophic, but -CURRENT is literally the branch devs are actively committing to, so it's actually a non-issue.


Folks don't seem to note the torn out walls, men with jackhammers, blowtorches, rivet guns, nor do they catch sight of the enormous, bold hazard signs.

For some, it's a gleeful traipse into the 5m deep concrete pour, briefly regretted. I salute those brave souls! Why they do what they do may never be known, even to those who partake, but they do it with conviction! And, it's a damn fine thing, if you ask me!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: