On 15.08.2013 16:25, Eugen Leitl wrote:
----- Forwarded message from Maxim Kammerer <mk@dee.su> -----
Date: Thu, 15 Aug 2013 15:38:56 +0300
From: Maxim Kammerer <mk@dee.su>
To: liberationtech <liberationtech@lists.stanford.edu>
Subject: Re: [liberationtech] Google confirms critical Android crypto flaw
Reply-To: liberationtech <liberationtech@lists.stanford.edu>
On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian <nathan@guardianproject.info> wrote:
The best description is here: http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java...
Unbelievable… It seems that PRNG implementers suffer from NIH syndrome. If you are going to use /dev/urandom, then use it all the time, and rely on code that's reviewed and maintained by thousands of kernel people, not just your favorite buggy seeded PRNG du jour.
Or, if you decide to roll your own, at LEAST read Peter Gutmann's 1998 Usenix Security paper on the topic [1] or read the respective chapter in his book [2].

Stephan

[1] http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix98.pdf
[2] Peter Gutmann, Cryptographic Security Architecture, Springer Verlag, 2004.
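As an added illustration of the point both replies make (this is example code written for this page, not code from the thread or from any Android or Java library): a hypothetical home-grown generator, `WeakSeededPRNG`, is keyed once from a low-entropy seed (whole seconds from the clock), beside a `KernelRandom` wrapper that reads the kernel pool through `os.urandom` on every call. `generate_keys` simulates several app instances starting at the same moment and each drawing one key; the seeded design hands all of them the same key, the kernel-backed one does not. All class and function names are assumptions made for the example.

```python
import hashlib
import os
import time


class WeakSeededPRNG:
    """Hypothetical 'roll your own' generator of the kind the thread warns
    against: a SHA-256 hash chain keyed once from a low-entropy seed.
    This construction is an illustration, not the code of any real library."""

    def __init__(self, seed=None):
        if seed is None:
            # Low-entropy default: whole seconds since the epoch. Every
            # instance constructed in the same second receives the same seed
            # and therefore emits the same byte stream.
            seed = int(time.time())
        self._state = hashlib.sha256(seed.to_bytes(8, "big")).digest()

    def random_bytes(self, n):
        """Return n bytes by iterating the hash chain; fully determined by seed."""
        out = b""
        while len(out) < n:
            self._state = hashlib.sha256(self._state).digest()
            out += self._state
        return out[:n]


class KernelRandom:
    """Reads fresh bytes from the kernel pool on every call (os.urandom maps to
    /dev/urandom or getrandom() on Linux), so instances never share state."""

    def random_bytes(self, n):
        return os.urandom(n)


def generate_keys(factory, instances, key_len=16):
    """Simulate `instances` separate processes, each constructing its own
    generator and drawing one key. Returns the list of keys."""
    return [factory().random_bytes(key_len) for _ in range(instances)]


def distinct_keys(keys):
    """Number of unique keys in the list; the value a reviewer cares about."""
    return len(set(keys))


if __name__ == "__main__":
    weak = generate_keys(WeakSeededPRNG, 5)
    good = generate_keys(KernelRandom, 5)
    # Expect 1 distinct key for the seeded design (2 if a second boundary is
    # crossed during the loop) and 5 for the kernel-backed one.
    print("time-seeded PRNG, 5 instances:", distinct_keys(weak), "distinct keys")
    print("os.urandom,       5 instances:", distinct_keys(good), "distinct keys")
```

The collision is the observable symptom; the underlying problem is that the seed space of a clock-seeded generator is tiny and guessable, which is exactly why the reply above says to read from /dev/urandom every time rather than seeding a private stream from it once.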