CPRNGs are still an issue.

Roland Dowdeswell elric at imrryr.org
Mon Dec 1 13:26:39 EST 2008

On 1227894567 seconds since the Beginning of the UNIX epoch
"Perry E. Metzger" wrote:

>As it turns out, cryptographic pseudorandom number generators continue
>to be a good place to look for security vulnerabilities -- see the
>enclosed FreeBSD security advisory.
>The more things change, the more they stay the same...

They failed to also mention that GBDE uses arc4random(9) to generate
the keys which is uses to write data.  So, any data written in the
first five minutes after a boot may also be weakly keyed.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list