On Thu, Aug 15, 2013 at 3:38 PM, Maxim Kammerer wrote:
> On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
> wrote:
>> The best description is here:
>> http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
>
> Unbelievable… It seems that PRNG implementers suffer from
On Thu, Aug 15, 2013 at 7:58 PM, Nathan of Guardian <
nat...@guardianproject.info> wrote:
>
>
> Maxim Kammerer wrote:
> >In any case, I find this bikeshedding of side remarks pretty annoying,
> >it is quite pointless.
>
> Well, I see it as practical proof of the value of open-source, the need to
Maxim Kammerer wrote:
>In any case, I find this bikeshedding of side remarks pretty annoying,
>it is quite pointless.
Well, I see it as practical proof of the value of open-source, the need to
avoid reinventing the crypto wheel, and that no amount of money buys you
perfect code. Only time, co
On Thu, Aug 15, 2013 at 8:39 PM, Steve Weis wrote:
> $ git log --pretty=format:"%an" drivers/char/random.c | sort | uniq | wc
Guys, I assumed you knew that kernel history was reset a few times. If
you want to approach it thoroughly, you start with all names at [1]
since 2010. Then, download the .
On Thu, Aug 15, 2013 at 1:23 PM, Maxim Kammerer wrote:
> On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
> wrote:
> > Are you really saying THOUSANDS have reviewed and maintain the RNG? For
> > real?
>
> You are right — I didn't take the possibility of useless
> tongue-in-cheek remarks into acc
$ git log --pretty=format:"%an" drivers/char/random.c | sort | uniq | wc
The number of committers to random.c is 41.
You missed having a lame joke by just one committer.
On Thu, Aug 15, 2013 at 10:23 AM, Maxim Kammerer wrote:
> On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
> wrote:
> > Ar
On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
wrote:
> Are you really saying THOUSANDS have reviewed and maintain the RNG? For
> real?
You are right — I didn't take the possibility of useless
tongue-in-cheek remarks into account when using that expression in
order to support a technical argume
On Thu, Aug 15, 2013 at 8:38 AM, Maxim Kammerer wrote:
> "...and rely on code that's reviewed and maintained by thousands of
> kernel people..."
>
Are you really saying THOUSANDS have reviewed and maintain the RNG? For
real?
--
Liberationtech is a public list whose archives are searchable on Go
..on Thu, Aug 15, 2013 at 03:38:56PM +0300, Maxim Kammerer wrote:
> On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
> wrote:
> > The best description is here:
> > http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
>
> Unbelievable… It seems that PRNG implementer
On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
wrote:
> The best description is here:
> http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
Unbelievable… It seems that PRNG implementers suffer from NIH
syndrome. If you are going to use /dev/urandom, then use it
On 08/15/2013 06:29 AM, Maxim Kammerer wrote:
> I have a hard time trying to figure out from Alex Klyubin's blog post
> [1] just what the problem in affected Android class libraries was. Did
> they forget to include a urandom-backed SecureRandom provider? Or set
> it as one with highest priority? O
On 08/15/2013 06:24 AM, Fabio Pietrosanti (naif) wrote:
> All Mobile Security Applications should not rely on standard RNG of the
> OS but fetch precious and better source of randomness available on those
> devices:
> - Microphone Audio Sample
>
> On a commercial product I worked on in past the RN
On Thu, Aug 15, 2013 at 11:11 AM, Nadim Kobeissi wrote:
> Cryptocat had its own RNG fiasco recently as well, which was documented in
> this excellent blog post by Sophos Labs:
> http://nakedsecurity.sophos.com/2013/07/09/anatomy-of-a-pseudorandom-number-generator-visualising-cryptocats-buggy-prng
On Thu, Aug 15, 2013 at 7:14 AM, Nathan of Guardian
wrote:
> The only silver lining from their post was that HTTP/SSL connections
> were not affected, so this only really affects apps that are
> generating keys at the Java layer, which include apps like Android
> Privacy Guard (APG) and our own Gi
On 8/15/13 6:07 AM, Nadim Kobeissi wrote:
> Hey Libtech,
> Hot on the heels of last week's Bitcoin wallet for Android heist,
> Google has confirmed that this was due to a critical crypto flaw in
> Android
All Mobile Security Applications should not rely on standard RNG of the
OS but fetch pre
On 2013-08-15, at 6:14 AM, Nathan of Guardian
wrote:
> On 08/15/2013 12:07 AM, Nadim Kobeissi wrote:
> > Hot on the heels of last week's Bitcoin wallet for Android heist,
> > Google has confirmed that this was due to a critical crypto flaw in
> > Android, which could affect se
On 08/15/2013 12:07 AM, Nadim Kobeissi wrote:
> Hot on the heels of last week's Bitcoin wallet for Android heist,
> Google has confirmed that this was due to a critical crypto flaw in
> Android, which could affect security in thousands of apps accordin
Hey Libtech,
Hot on the heels of last week's Bitcoin wallet for Android heist, Google has
confirmed that this was due to a critical crypto flaw in Android, which could
affect security in thousands of apps according to Ars Technica:
"Google developers have confirmed a cryptographic vulnerability