[Discuss] NSA capabilities
Richard Pieri
richard.pieri at gmail.com
Thu Aug 15 10:34:35 EDT 2013
Richard Pieri wrote:
> This assumes a truly random spread. Computers don't do truly random
> numbers.
Just found this courtesy of slashdot. I haven't been keeping up with the
MITnews or I would have spotted this yesterday.
http://web.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html
One practical upshot of this is that the probability of repeat
collisions is 1 in 2^(n-x) where "x" represents how not quite
cryptographically random the PRNG used really is. This leads to another
point and another slashdot article. Just because you have good tools (or
good enough tools) does not mean you auto-magically get good results:
http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
"We have now determined that applications which use the Java
Cryptography Architecture (JCA) for key generation, signing, or random
number generation may not receive cryptographically strong values on
Android devices due to improper initialization of the underlying PRNG."
That's on the root cause of the recent Android Bitcoin theft.
--
Rich P.
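A worked illustration of the under-seeded PRNG point above, added here and not part of Rich's post or of the Android advisory he quotes (it is Python rather than Java, and the weak seeder, the bit counts and the device counts are all constructed assumptions). Each "device" derives a 128-bit key from a seed; the strong path seeds from os.urandom, while the weak path models a PRNG that was started with only `seed_bits` bits of real entropy. The keys are nominally 128 bits either way, but the weak keys collide at the birthday rate of the seed space, not of the key space.

```python
import hashlib
import os
import random

KEY_BITS = 128  # nominal key length; identical for both paths


def key_from_seed(seed: bytes) -> bytes:
    """Derive a 128-bit key from a seed. The derivation itself is fine;
    the key is only as unpredictable as the seed that went in."""
    return hashlib.sha256(seed).digest()[: KEY_BITS // 8]


def weak_seed(seed_bits: int, rng: random.Random) -> bytes:
    """Constructed stand-in for an improperly initialised PRNG: only
    `seed_bits` bits of entropy actually reach the generator (e.g. a
    PID or a coarse timestamp). `rng` is a seeded random.Random so the
    simulation is repeatable; it is NOT a source of real entropy."""
    return rng.getrandbits(seed_bits).to_bytes(8, "big")


def strong_seed() -> bytes:
    """Seed from the OS CSPRNG, as a correctly initialised PRNG would."""
    return os.urandom(32)


def count_collisions(keys) -> int:
    """Number of keys that duplicate an earlier key in the list."""
    seen = set()
    dup = 0
    for k in keys:
        if k in seen:
            dup += 1
        else:
            seen.add(k)
    return dup


def expected_collisions(n: int, bits: int) -> float:
    """Birthday estimate of duplicate keys among n draws from a
    2**bits space: roughly n^2 / 2^(bits+1)."""
    return n * n / 2 ** (bits + 1)


def simulate(n_devices: int, seed_bits: int, master_seed: int = 1234):
    """Generate one key per device on the weak and the strong path and
    return (weak_collisions, strong_collisions)."""
    rng = random.Random(master_seed)  # constructed, repeatable weak-entropy source
    weak = [key_from_seed(weak_seed(seed_bits, rng)) for _ in range(n_devices)]
    strong = [key_from_seed(strong_seed()) for _ in range(n_devices)]
    return count_collisions(weak), count_collisions(strong)


if __name__ == "__main__":
    n, bits = 2000, 16
    weak, strong = simulate(n, bits)
    print(f"{n} devices, {KEY_BITS}-bit keys")
    print(f"  seeded with {bits} bits of entropy: {weak} duplicate keys "
          f"(birthday estimate {expected_collisions(n, bits):.1f})")
    print(f"  seeded from os.urandom:             {strong} duplicate keys "
          f"(birthday estimate {expected_collisions(n, KEY_BITS):.1e})")
```

With 2000 devices and 16 bits of seed entropy the weak path produces on the order of thirty duplicate 128-bit keys, while the strong path produces none; a single duplicate is already enough to link (or take over) two "independent" key holders, which is why an unseeded generator is a key-recovery problem and not merely a quality-of-randomness one.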