[Cryptography] where shall we put the random-seed?

Theodore Ts'o tytso at mit.edu
Mon Jan 2 18:09:36 EST 2017


On Mon, Jan 02, 2017 at 08:21:16PM +0000, Jason Cooper wrote:
> Well, I disagree.  I'd prefer not to give up just because the rest of it
> is crappy.  It may not always be that way.  We should fix what we have
> the power to fix as soon as we can.  Especially with the long deployment
> cycles of embedded systems.

It's not a matter of giving up; I'm just questioning your assumption
that there won't be regular clean shutdowns.  If the embedded device
is getting regular security updates, it will very likely be doing
clean shutdowns every month or so.  And if it's not getting regular
security updates, you might as well give the Russian hackers free rein
over the US Power Grid....  (Oh wait, they've already hacked computers
on the US Power Grid.  Maybe fixing the gaping wide security holes
should be higher priority, you think?)

					- Ted


More information about the cryptography mailing list