[Ach] Random number generators (was Bug/Ba in OpenSSL)

Aaron Zauner azet at azet.org
Tue Nov 26 15:48:42 CET 2013


Oh. That was just a statement to the mailing list. But feel free to include it in the paper. I’d like it if someone would write something more verbose though.

On 26 Nov 2013, at 15:45, ianG <iang at iang.org> wrote:

> On 26/11/13 13:32 PM, Aaron Zauner wrote:
> 
>> One should use RNGs as provided by the operating system - since those are audited frequently. The issue with VMs/Embedded Devices and low-entropy hardware still remains.
> 
> 
> Almost.  I would change the second sentence to words to effect:
> 
> 
>     Watch out for VMs/Embedded Devices, you will need to do more research, which is out of scope of this paper and currently an unsolved problem.
> 
> 
> 
> That's it, IMHO.  Done & dusted :)
> 
> 
> 
> iang
> 
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131126/4ffd480c/attachment.sig>


More information about the Ach mailing list