Rick Smith wrote:
> What if we examine the RNG's binary implementation as well as its output?
> Consider what happened to the weak Netscape RNG.
>
> Given that, how would one go about constructing a broken RNG that would
> resist detection? I'm not saying it's impossible, but the strategy isn't
> clear to me.
It doesn't have to resist detection forever. You keep a few bugs in,
any one of which is compromising; when one is dug up and has to be
fixed, it's time to introduce another.
How long did PGP have the RNG flaw that was found a few years ago?
How long has PGP 5.0i, according to Germano Caronni's Bugtraq post two
days ago, been trying to read /dev/random like _this_?
RandBuf = read(fd, &RandBuf, count);
If such a dramatic error in an open-source program can survive that
long, a subtle tweak in a binary can probably last a good while.
> While I suspect that the open source software concept is the only practical
> strategy for healthy long term evolution of software, it doesn't
> automatically yield bug-free, vulnerability-free, or backdoor-free
> software. At best, it gives us an obvious way to track down trouble after
> it pops up. But it doesn't guarantee we'll look for backdoors, or find them
> if they're there. Most of us know this, but given the discussion, it seemed
> worthwhile to repeat for the general audience.
Testify.
--
Eli Brandt | [EMAIL PROTECTED] | http://www.cs.cmu.edu/~eli/
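The read() misuse quoted above, as an added C example that is not from the post or from PGP's source: a constructed in-memory byte sequence stands in for /dev/random, the one-byte-per-call read is an assumption, and the buggy and corrected forms sit side by side so the effect on the "random" bytes can be checked.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for /dev/random (not real entropy): a fixed byte
 * sequence so the example runs offline and deterministically. */
static const unsigned char fake_entropy[] = {
    0x3a, 0x7f, 0x12, 0xc4, 0x99, 0x05, 0xe1, 0x6b
};
static size_t fake_pos;

void fake_source_reset(void) { fake_pos = 0; }

/* Mimics read(2): copies up to count bytes and returns how many were
 * copied (0 once the source is exhausted). */
static ssize_t fake_read(void *buf, size_t count) {
    size_t remaining = sizeof fake_entropy - fake_pos;
    if (count > remaining) count = remaining;
    memcpy(buf, fake_entropy + fake_pos, count);
    fake_pos += count;
    return (ssize_t) count;
}

/* Buggy pattern from the post: read() fills RandBuf with a random byte,
 * then its return value (the byte count) is assigned over that byte. */
int buggy_get_byte(void) {
    unsigned char RandBuf = 0;
    RandBuf = (unsigned char) fake_read(&RandBuf, 1); /* assumed count == 1 */
    return RandBuf;  /* always 1 while the source has data, 0 after */
}

/* Corrected form: keep the byte count in its own variable, treat a short
 * read as an error instead of silently feeding it to the pool. */
int fixed_get_byte(void) {
    unsigned char RandBuf = 0;
    ssize_t n = fake_read(&RandBuf, 1);
    if (n != 1) return -1;
    return RandBuf;
}

/* Cheap output check: how many distinct values do `draws` calls produce?
 * A generator stuck on one value fails this immediately. */
int distinct_values(int (*gen)(void), int draws) {
    unsigned char seen[256] = {0};
    int distinct = 0;
    for (int i = 0; i < draws; i++) {
        int v = gen();
        if (v < 0) break;
        if (!seen[v]) { seen[v] = 1; distinct++; }
    }
    return distinct;
}
```

A test of the output alone catches the stuck generator here, but as the post argues, it would not have caught a subtler tweak hidden in a binary.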