From owner-freebsd-security  Thu Feb 29 08:05:40 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA19451
          for security-outgoing; Thu, 29 Feb 1996 08:05:40 -0800 (PST)
Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA19443
          for <freebsd-security@freebsd.org>; Thu, 29 Feb 1996 08:05:32 -0800 (PST)
Received: from grumble.grondar.za (mark@localhost [127.0.0.1]) by grumble.grondar.za (8.7.3/8.7.3) with ESMTP id SAA04943; Thu, 29 Feb 1996 18:04:37 +0200 (SAT)
Message-Id: <199602291604.SAA04943@grumble.grondar.za>
To: "Dean M. Phillips" <dphill@inav.net>
cc: freebsd-security@freebsd.org
Subject: Re: eBones appears free of PRNG bug. 
Date: Thu, 29 Feb 1996 18:04:36 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-security@freebsd.org
Precedence: bulk

"Dean M. Phillips" wrote:
> I have done a quick check of the eBones that is shipped with FreeBSD 2.1R
> and it appears to have already been fixed.  In /usr/src/eBones/include/des.h
> there is a "#define random_key des_random_key".  The random_key function
> appears to have vanished from the sources.

Close. No Cigar. The routine required is des_new_random_key(). This
was added to our libdes by me a while back, and is a part of the new
libdes.

Andrey (ache) added the MIT fixes to eBones, but it is not yet in
STABLE.

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grondar.za for PGP key