On Mon, May 19, 2008 at 10:48 PM, dean gaudet <[EMAIL PROTECTED]> wrote:
>
>
> On Thu, 15 May 2008, Bodo Moeller wrote:
>
>> On Thu, May 15, 2008 at 11:41 PM, Erik de Castro Lopo
>> <[EMAIL PROTECTED]> wrote:
>> > Goetz Babin-Ebell wrote:
>>
>> >> But here the use of this uninitialized data is intentional
>> >> and the programmers are very well aware of what they did.
>>
>> > The use of uninitialized data in this case is stupid because the
>> > entropy of this random data is close to zero.
>>
>> It may be zero, but it may be more, depending on what happened earlier
>> in the program if the same memory locations have been in use before.
>> This may very well include data that would be unpredictable to
>> adversaries -- i.e., entropy; that's the point here.
>
> on the other hand it may be a known plaintext attack.

OK, so I'll seed my random number generator with a bunch of bits you
don't know, then you give me however much known plaintext you want,
and I'll update the state with that too.  Then, I'll start generating
random numbers.  If you can guess them, you win!  Right?

Essentially what you're claiming is that you can predict the output of
SHA-1 when you know part of the input, but not all of the input.
Please explain how!

-JP

> what are you guys smoking?
>
> -dean
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
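
The scenario in the reply above (secret seed first, then known input, then output), as an added example that is not part of the original message and is not OpenSSL code. `HashPool`, `output_after` and `demo` are hypothetical names, and the pool is a simplified SHA-1 construction assumed for illustration.

```python
import hashlib
import secrets


class HashPool:
    """Toy SHA-1 mixing pool. Illustrative only: not OpenSSL's RNG code."""

    def __init__(self) -> None:
        self.state = bytes(20)
        self.counter = 0

    def add(self, data: bytes) -> None:
        # The new state depends on the old state and on the input.
        self.state = hashlib.sha1(self.state + data).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            block = self.state + self.counter.to_bytes(8, "big")
            out += hashlib.sha1(block).digest()
        return out[:n]


def output_after(inputs: list[bytes], n: int = 16) -> bytes:
    """Mix the inputs in order into a fresh pool and return n output bytes."""
    pool = HashPool()
    for item in inputs:
        pool.add(item)
    return pool.generate(n)


def demo() -> dict[str, bool]:
    secret_seed = secrets.token_bytes(32)        # unknown to the observer
    known = b"constructed known plaintext " * 4  # constructed sample input
    real = output_after([secret_seed, known])
    # The observer can replay the known input, but has to guess the seed.
    replay = output_after([bytes(32), known])
    # Caveat: with no secret input, the known data alone gives a fully
    # reproducible stream, so it must never be counted as entropy.
    unseeded_a = output_after([known])
    unseeded_b = output_after([known])
    return {
        "observer_predicts_seeded_pool": replay == real,
        "unseeded_pool_is_predictable": unseeded_a == unseeded_b,
    }


if __name__ == "__main__":
    print(demo())
```

All of the unpredictability comes from the secret seed: the known input neither removes it nor adds any, which is why such data should be credited with zero entropy when it is mixed in.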