科技回声

tptacek超过 8 年前

Don't. Use. Userspace. Random. Number. Generators.<p>It is 2016. There is no business for any major tool to be shipping a dependency on a userspace random number generator like this.<p><a href="http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/" rel="nofollow">http://sockpuppet.org/blog/2014/02/25/safely-generate-random...</a><p>It's not enough for us to stop fielding new software with broken userspace random (all userspace random is broken random). We need to go back through all the software, find all the userspace RNGs, and replace them with urandom reads

评论 #12318060 未加载

评论 #12317384 未加载

评论 #12317898 未加载

评论 #12318986 未加载

advisedwang超过 8 年前

The GPG folks don't currently recommend revoking keys based on this: <a href="https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" rel="nofollow">https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/0003...</a>

weinzierl超过 8 年前

> [...] the flaw makes a part of the PRNG output completely predictable. This bug exists since 1998 in all GnuPG and Libgcrypt versions [...]<p>> Please note that this document makes no claims about the effect of the flaw on the security of generated keys or other artifacts.

zeveb超过 8 年前

Granted, Fortuna didn't exist in 1998 (it dates to 2003) — but why oh why don't gcrypt & the kernel use it now?

评论 #12317405 未加载

评论 #12316671 未加载

Entropy Loss and Output Predictability in the Libgcrypt PRNG [pdf]

4 条评论

Entropy Loss and Output Predictability in the Libgcrypt PRNG [pdf]

4 条评论