CPRNGs are still an issue.

Roland Dowdeswell elric at imrryr.org
Mon Dec 1 13:26:39 EST 2008


On 1227894567 seconds since the Beginning of the UNIX epoch
"Perry E. Metzger" wrote:
>

>As it turns out, cryptographic pseudorandom number generators continue
>to be a good place to look for security vulnerabilities -- see the
>enclosed FreeBSD security advisory.
>
>The more things change, the more they stay the same...

They failed to also mention that GBDE uses arc4random(9) to generate
the keys which it uses to write data.  So, any data written in the
first five minutes after a boot may also be weakly keyed.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


