Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: really really obsolete etc/moduli in NetBSD
From: William Allen Simpson (wsimpsongreendragon.com)
Date: Sat Jan 15 2005 - 18:08:18 CST
Thor Lancelot Simon wrote:
>On Sat, Jan 15, 2005 at 05:52:16PM -0500, William Allen Simpson wrote:
>>I do wish NetBSD folk would take security more seriously.
>Thank you, we take it quite seriously: seriously enough to not run around
>changing things without a good understanding of why they ought to be
Partly for the cryptography list that you added, and partly for the
benefit of new readers of this list, I'll point out:
(1) This was discussed on this NetBSD list in 2003, and such issues were
discussed for NetBSD and other BSDs all the way back to 1994 (by my own
recollection). Folks should be familiar with the issues by now.
(2) In my earlier message, I cited the terms you'd need to lookup, some
papers you should read. Instead, you erupted in flames.
(3) In October 2003, I provided your very own NetBSD moduli file. These
take a couple of weeks continuous computing to generate, so it was a
fair amount of my own personal effort.
(4) In January 2004, OpenSSH distributed a replacement. NetBSD never
installed it, either.
(5) Recently, NetBSD shipped a major release without updating it.
(6) We recently learned from Perry on cryptography that NetBSD hasn't
audited its random number generator implementation. (I was so
concerned that I called Perry at home to see what could be done.)
(7) I do not consider the following statement anything other than the
absolute heartfelt desire:
I do wish NetBSD folk would take security more seriously.
That wish includes fewer rants toward those of us that actually try to
provide improvements. (Possibly it would be too much to hope for a bit
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32