Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] NSA capabilities

Richard Pieri wrote:
> This assumes a truly random spread. Computers don't do truly random
> numbers.

Just found this courtesy of slashdot. I haven't been keeping up with the 
MITnews or I would have spotted this yesterday.

One practical upshot of this is that the probability of repeat 
collisions is 1 in 2^(n-x) where "x" represents how not quite 
cryptographically random the PRNG used really is. This leads to another 
point and another slashdot article. Just because you have good tools (or 
good enough tools) does not mean you auto-magically get good results:

"We have now determined that applications which use the Java 
Cryptography Architecture (JCA) for key generation, signing, or random 
number generation may not receive cryptographically strong values on 
Android devices due to improper initialization of the underlying PRNG."

That's on the root cause of the recent Android Bitcoin theft.

Rich P.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /