科技回声

<pre><code> Due to a misplaced parenthesis, if insufficient GOOD bits were available to satisfy a request, the keying/rekeying code requested either 32 or 64 ANY bits, rather than the balance of bits required to key the stream generator. </code></pre> I think this paragraph is a nice reminder, how hard crypto can be.

I enjoyed the Thanks To section:<pre><code> Thor Lancelot Simon for causing, finding and fixing the bug</code></pre>

The advisory says that reading from /dev/random is fine, but reading from /dev/urandom is affected. Shouldn't cryptographic applications be using /dev/random to begin with? I was under the impression that /dev/urandom is only for when low-quality randomness is acceptable.

> Due to a misplaced parenthesis...I know this isn't the (main) take away message, but it does make me feel a little better about some errors I've made in the past to know that even heavily vetted code can have these types of errors.

Anyone have a link to the actual patch?

Does vim have a plugin to detect unbalanced parens/brackets/braces etc?

Just in case anyone is curious, the error was having `sizeof(key - r)` instead of `sizeof(key) - r`Rookie mistake!

"Due to a misplaced parenthesis..."Is this RNG written in Lisp!?Sorry, couldn't resist ; ) (big fan of Clojure and elisp here btw)

I enjoyed the Thanks To section:<pre><code> Thor Lancelot Simon for causing, finding and fixing the bug</code></pre>

Anyone have a link to the actual patch?

Does vim have a plugin to detect unbalanced parens/brackets/braces etc?

Just in case anyone is curious, the error was having `sizeof(key - r)` instead of `sizeof(key) - r`Rookie mistake!

"Due to a misplaced parenthesis..."Is this RNG written in Lisp!?Sorry, couldn't resist ; ) (big fan of Clojure and elisp here btw)

Critical PRNG Bug in NetBSD Kernel

8 条评论

Critical PRNG Bug in NetBSD Kernel

8 条评论