[Cryptography] [cryptography] Underhanded Crypto

Ben Laurie ben at links.org
Wed Dec 3 07:20:49 EST 2014

On Wed Dec 03 2014 at 7:22:18 AM Ray Dillinger <bear at sonic.net> wrote:

> On 12/02/2014 08:13 AM, Henry Baker wrote:
> > At 10:03 PM 12/1/2014, Tom Mitchell wrote:
> >> On Mon, Dec 1, 2014 at 8:59 PM, <lists at notatla.org.uk> wrote:
> >> I suspect the joke has been missed.
> >>
> >> https://www.schneier.com/blog/archives/2008/05/random_number_b.html
> >> http://www.links.org/?p=327
> >
> > Relying on an _uninitialized variable_ to produce randomness is perhaps
> > even more idiotic than blaming the person who removed this line of code.
> Yes. That was sort of my thought as well.  Using uninitialized memory
> as *input* to add to a generator that had a good amount of entropy
> before you input the bytes, and which also gets lots of randomness from
> other sources, isn't harmful. But relying on uninitialized memory alone,
> or even mostly, to produce a good PRNG state is crayzee.

So crayzee it's not what was going on. In fact, what was going on is what
you just described. Which you would've known if you actually bothered to
understand the issue.

But do carry on bloviating. It is _so_ enlightening.
