[Cryptography] [cryptography] Underhanded Crypto
Ray Dillinger
bear at sonic.net
Wed Dec 3 12:10:41 EST 2014
On 12/03/2014 04:20 AM, Ben Laurie wrote:
> On Wed Dec 03 2014 at 7:22:18 AM Ray Dillinger <bear at sonic.net> wrote:
>> Using uninitialized memory
>> as *input* to add to a generator that had a good amount of entropy
>> before you input the bytes, and which also gets lots of randomness from
>> other sources, isn't harmful. But relying on uninitialized memory alone,
>> or even mostly, to produce a good PRNG state is crayzee.
>>
>
> So crayzee it's not what was going on. In fact, what was going on is what
> you just described. Which you would've known if you actually bothered to
> understand the issue.
>
> But do carry on bloviating. It is _so_ enlightening.
>
Don't wanna pick a fight here, but I gotta point this out.
If that's what's going on, then zeroing the memory before
doing it won't cause a vulnerability.
Bear
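To make the distinction in this exchange concrete, here is an added toy model (not code from the thread or from any real generator): a hash-chain entropy pool that can be seeded from a good source, from a buffer standing in for uninitialized stack memory, or from both. The leftover-memory candidates and the pool construction are constructed assumptions for illustration. It shows that mixing a zeroed (or unknown) buffer into an already well-seeded pool changes nothing about its unpredictability, while a pool that depends only on that buffer is fixed once the buffer is zeroed and is enumerable when it is not.

```python
"""Toy entropy-pool model for the point made in the post above.
Added example; it is not any real PRNG and not code from the thread."""
import hashlib
import os
from typing import Optional

STATE_BYTES = 32


def mix(pool: bytes, data: bytes) -> bytes:
    """Absorb `data` into the pool state (toy hash chain, not a real design)."""
    return hashlib.sha256(pool + data).digest()


def output(pool: bytes) -> bytes:
    """Derive 16 output bytes from the pool without exposing the state."""
    return hashlib.sha256(b"output" + pool).digest()[:16]


# Constructed stand-in for "uninitialized memory": leftovers on the stack
# can only take a handful of values, so they carry almost no entropy.
LEFTOVER_CANDIDATES = [
    bytes(STATE_BYTES),                              # happened to be zero
    b"\xcc" * STATE_BYTES,                           # debug fill pattern
    b"/tmp/socket\0".ljust(STATE_BYTES, b"\0"),      # stale string
    (0xDEADBEEF).to_bytes(4, "little") * 8,          # stale integer array
]


def start_generator(uninit_buf: bytes, good_entropy: Optional[bytes]) -> bytes:
    """Seed the pool. With good_entropy=None the generator relies on the
    uninitialized buffer alone, which is the case the post calls crazy."""
    pool = bytes(STATE_BYTES)
    if good_entropy is not None:
        pool = mix(pool, good_entropy)       # strong input first
    return mix(pool, uninit_buf)             # extra input, harmless if weak


def predictable_by_enumeration(observed: bytes) -> bool:
    """Can the first output be reproduced by trying every candidate leftover?
    Only when the pool depends on nothing but the leftover buffer."""
    return any(output(start_generator(c, None)) == observed
               for c in LEFTOVER_CANDIDATES)


def zeroing_is_harmless() -> bool:
    """Zeroed buffer plus good entropy: two starts still diverge."""
    a = output(start_generator(bytes(STATE_BYTES), os.urandom(32)))
    b = output(start_generator(bytes(STATE_BYTES), os.urandom(32)))
    return a != b


def well_seeded_resists_enumeration() -> bool:
    """Unknown buffer plus good entropy: enumerating leftovers does not help."""
    observed = output(start_generator(LEFTOVER_CANDIDATES[2], os.urandom(32)))
    return not predictable_by_enumeration(observed)


def uninit_alone_is_guessable() -> bool:
    """Unknown buffer and nothing else: a few guesses reproduce the output."""
    observed = output(start_generator(LEFTOVER_CANDIDATES[2], None))
    return predictable_by_enumeration(observed)


def zeroed_alone_is_fixed() -> bool:
    """Zeroed buffer and nothing else: every start yields the same output."""
    a = output(start_generator(bytes(STATE_BYTES), None))
    b = output(start_generator(bytes(STATE_BYTES), None))
    return a == b


if __name__ == "__main__":
    print("zeroing harmless when well seeded:", zeroing_is_harmless())
    print("well seeded resists enumeration:  ", well_seeded_resists_enumeration())
    print("uninit-only is guessable:         ", uninit_alone_is_guessable())
    print("zeroed-only is fixed:             ", zeroed_alone_is_fixed())
```

The four checks map onto the two claims in the thread: the first two show that a supplementary input, zeroed or not, neither helps nor hurts a pool that already has a strong seed; the last two show why a generator whose state comes mostly from leftover memory is the real problem, with zeroing merely making the weakness deterministic.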