[Cryptography] Fwd: [cryptography] Underhanded Crypto

Ben Laurie ben at links.org
Wed Dec 3 15:30:50 EST 2014


Somehow dropped the list.

---------- Forwarded message ---------
From: Ben Laurie <ben at links.org>
Date: Wed Dec 03 2014 at 8:20:40 PM
Subject: Re: [Cryptography] [cryptography] Underhanded Crypto
To: Ray Dillinger <bear at sonic.net>


On Wed Dec 03 2014 at 6:46:10 PM Ray Dillinger <bear at sonic.net> wrote:

>
>
> On 12/03/2014 04:20 AM, Ben Laurie wrote:
> > On Wed Dec 03 2014 at 7:22:18 AM Ray Dillinger <bear at sonic.net> wrote:
>   Using uninitialized memory
> >> as *input* to add to a generator that had a good amount of entropy
> >> before you input the bytes, and which also gets lots of randomness from
> >> other sources, isn't harmful. But relying on uninitialized memory alone,
> >> or even mostly, to produce a good PRNG state is crayzee.
> >>
> >
> > So crayzee it's not what was going on. In fact, what was going on is what
> > you just described. Which you would've known if you actually bothered to
> > understand the issue.
> >
> > But do carry on bloviating. It is _so_ enlightening.
> >
>
> Don't wanna pick a fight here, but I gotta point this out.
> If that's what's going on, then zeroing the memory before
> doing it won't cause a vulnerability.
>

Indeed, it will not.