[Cryptography] [cryptography] Underhanded Crypto
Henry Baker
hbaker1 at pipeline.com
Tue Dec 2 11:13:37 EST 2014
At 10:03 PM 12/1/2014, Tom Mitchell wrote:
>On Mon, Dec 1, 2014 at 8:59 PM, <lists at notatla.org.uk> wrote:
>I suspect the joke has been missed.
>
>https://www.schneier.com/blog/archives/2008/05/random_number_b.html
>http://www.links.org/?p=327
Relying on an _uninitialized variable_ to produce randomness is perhaps even more idiotic than blaming the person who removed this line of code.
In my >50 years of programming, I've never found the values of uninitialized variables to be particularly random; in an awful lot of systems, these uninitialized variables are set to all zero bits.
If you want randomness, then make it explicit by calling some procedure that produces randomness.
Valgrind & Purify were correct to flag these programs.
More information about the cryptography
mailing list