Richard Pieri wrote:
> This assumes a truly random spread. Computers don't do truly random
> numbers.

Just found this courtesy of slashdot. I haven't been keeping up with the MITnews or I would have spotted this yesterday.

http://web.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html

One practical upshot of this is that the probability of repeat collisions is 1 in 2^(n-x) where "x" represents how not quite cryptographically random the PRNG used really is.

This leads to another point and another slashdot article. Just because you have good tools (or good enough tools) does not mean you auto-magically get good results:

http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html

"We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG."

That's on the root cause of the recent Android Bitcoin theft.

--
Rich P.
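The relationship between seed entropy and repeated values that the message above describes, as an added illustration that is not part of the original post. It assumes 32-bit tokens, SHA-256 as a stand-in for a sound output function, and hypothetical function names; it counts repeats in a batch of issued tokens and estimates the effective entropy from them, a check a defender can run on values their own system has issued.

```python
import hashlib
import math
import random
from collections import Counter

N_BITS = 32  # width of each emitted token (the "n" in the post); assumed value


def token(seed):
    """Derive an N_BITS-wide token from a seed (SHA-256 is a stand-in output function)."""
    digest = hashlib.sha256(seed.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:N_BITS // 8], "big")


def issue_tokens(count, deficit_bits, rng):
    """Issue tokens from generators whose seed holds only N_BITS - deficit_bits bits."""
    seed_bits = N_BITS - deficit_bits
    return [token(rng.getrandbits(seed_bits)) for _ in range(count)]


def colliding_pairs(tokens):
    """Number of unordered pairs of issued tokens that are identical."""
    return sum(c * (c - 1) // 2 for c in Counter(tokens).values())


def expected_pairs(count, deficit_bits):
    """Pairs expected when any two tokens match with probability 2^-(n-x)."""
    return count * (count - 1) / 2 / 2 ** (N_BITS - deficit_bits)


def estimated_entropy_bits(tokens):
    """Estimate effective entropy (n - x) from the observed repeat rate."""
    pairs = colliding_pairs(tokens)
    if pairs == 0:
        return math.inf  # batch too small to see any repeat
    total_pairs = len(tokens) * (len(tokens) - 1) / 2
    return math.log2(total_pairs / pairs)


if __name__ == "__main__":
    rng = random.Random(2013)  # fixed seed so the simulation is repeatable
    for x in (0, 8, 16):
        batch = issue_tokens(20000, x, rng)
        print(f"x={x:2d} observed={colliding_pairs(batch):5d} "
              f"expected={expected_pairs(20000, x):8.2f} "
              f"estimated bits={estimated_entropy_bits(batch):.2f}")
```

Every token is still 32 bits wide whatever the deficit, so the shortfall shows up only in the repeat rate, not in how an individual value looks.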