[138932] in cryptography@c2.net mail archive

Re: CPRNGs are still an issue.

daemon@ATHENA.MIT.EDU (Roland Dowdeswell)
Mon Dec 1 13:56:42 2008

To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-reply-to: Your message of "Fri, 28 Nov 2008 12:49:27 EST."
             <87myfjvizc.fsf@snark.cb.piermont.com> 
Date: Mon, 01 Dec 2008 13:26:39 -0500
From: Roland Dowdeswell <elric@imrryr.org>

On 1227894567 seconds since the Beginning of the UNIX epoch
"Perry E. Metzger" wrote:
>

>As it turns out, cryptographic pseudorandom number generators continue
>to be a good place to look for security vulnerabilities -- see the
>enclosed FreeBSD security advisory.
>
>The more things change, the more they stay the same...

They failed to also mention that GBDE uses arc4random(9) to generate
the keys which it uses to write data.  So, any data written in the
first five minutes after a boot may also be weakly keyed.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com