On Thu, Aug 15, 2013 at 3:38 PM, Maxim Kammerer m...@dee.su wrote:
On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
nat...@guardianproject.info wrote:
The best description is here:
http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
Unbelievable… It seems
On 2013-08-15, at 6:14 AM, Nathan of Guardian nat...@guardianproject.info
wrote:
Signed PGP part
On 08/15/2013 12:07 AM, Nadim Kobeissi wrote:
Hot on the heels of last week's Bitcoin wallet for Android heist,
Google has confirmed that this was due to a critical crypto flaw in
Android,
Il 8/15/13 6:07 AM, Nadim Kobeissi ha scritto:
Hey Libtech,
Hot on the heels of last week's Bitcoin wallet for Android heist,
Google has confirmed that this was due to a critical crypto flaw in
Android
All Mobile Security Applications should not rely on standard RNG of the
OS but fetch
On Thu, Aug 15, 2013 at 7:14 AM, Nathan of Guardian
nat...@guardianproject.info wrote:
The only silver lining from their post was that HTTP/SSL connections
were not affected, so this only really affects apps that are
generating keys at the Java layer, which include apps like Android
Privacy
On 08/15/2013 06:24 AM, Fabio Pietrosanti (naif) wrote:
All Mobile Security Applications should not rely on standard RNG of the
OS but fetch precious and better source of randomness available on those
devices:
- Microphone Audio Sample
On a commercial product i worked on in past the RNG has
On 08/15/2013 06:29 AM, Maxim Kammerer wrote:
I have a hard time trying to figure out from Alex Klyubin's blog post
[1] just what the problem in affected Android class libraries was. Did
they forget to include a urandom-backed SecureRandom provider? Or set
it as one with highest priority? Or
On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
nat...@guardianproject.info wrote:
The best description is here:
http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
Unbelievable… It seems that PRNG implementers suffer from NIH
syndrome. If you are going to use
..on Thu, Aug 15, 2013 at 03:38:56PM +0300, Maxim Kammerer wrote:
On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
nat...@guardianproject.info wrote:
The best description is here:
http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
Unbelievable… It seems
On Thu, Aug 15, 2013 at 8:38 AM, Maxim Kammerer m...@dee.su wrote:
...and rely on code that's reviewed and maintained by thousands of
kernel people...
Are you really saying THOUSANDS have reviewed and maintain the RNG? For
real?
--
Liberationtech is a public list whose archives are
On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
chamberlin.d...@gmail.com wrote:
Are you really saying THOUSANDS have reviewed and maintain the RNG? For
real?
You are right — I didn't take the possibility of useless
tongue-in-cheek remarks into account when using that expression in
order to
$ git log --pretty=format:%an drivers/char/random.c | sort | uniq | wc
The number of committers to random.c is 41.
You missed having a lame joke by just one committer.
On Thu, Aug 15, 2013 at 10:23 AM, Maxim Kammerer m...@dee.su wrote:
On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
On Thu, Aug 15, 2013 at 1:23 PM, Maxim Kammerer m...@dee.su wrote:
On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
chamberlin.d...@gmail.com wrote:
Are you really saying THOUSANDS have reviewed and maintain the RNG? For
real?
You are right — I didn't take the possibility of useless
On Thu, Aug 15, 2013 at 8:39 PM, Steve Weis stevew...@gmail.com wrote:
$ git log --pretty=format:%an drivers/char/random.c | sort | uniq | wc
Guys, I assumed you knew that kernel history was reset a few times. If
you want to approach it thoroughly, you start with all names at [1]
since 2010.
Maxim Kammerer m...@dee.su wrote:
In any case, I find this bikeshedding of side remarks pretty annoying,
it is quite pointless.
Well, I see it as practical proof of the value of open-source, the need to
avoid reinventing the crypto wheel, and that no amount of money buys you
perfect code.
On Thu, Aug 15, 2013 at 7:58 PM, Nathan of Guardian
nat...@guardianproject.info wrote:
Maxim Kammerer m...@dee.su wrote:
In any case, I find this bikeshedding of side remarks pretty annoying,
it is quite pointless.
Well, I see it as practical proof of the value of open-source, the need to
Hey Libtech,
Hot on the heels of last week's Bitcoin wallet for Android heist, Google has
confirmed that this was due to a critical crypto flaw in Android, which could
affect security in thousands of apps according to Ars Technica:
Google developers have confirmed a cryptographic vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/15/2013 12:07 AM, Nadim Kobeissi wrote:
Hot on the heels of last week's Bitcoin wallet for Android heist,
Google has confirmed that this was due to a critical crypto flaw in
Android, which could affect security in thousands of apps according
17 matches
Mail list logo