[liberationtech] Google confirms critical Android crypto flaw
Julian Oliver
julian at julianoliver.com
Thu Aug 15 05:50:52 PDT 2013
..on Thu, Aug 15, 2013 at 03:38:56PM +0300, Maxim Kammerer wrote:
> On Thu, Aug 15, 2013 at 2:34 PM, Nathan of Guardian
> <nathan at guardianproject.info> wrote:
> > The best description is here:
> > http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
>
> Unbelievable… It seems that PRNG implementers suffer from NIH
> syndrome. If you are going to use /dev/urandom, then use it all the
> time, and rely on code that's reviewed and maintained by thousands of
> kernel people, not just your favorite buggy seeded PRNG du-jour.
Well said. A horribly broken attempt at reinventing the wheel.
> So they're essentially constructing a state-based bit stream that
> varies in each block, and hash it with SHA-1 — exposing each
> intermediate hash value in the middle. Who the hell told them it's
> safe from cryptanalysis POV?
It's very weird indeed. This makes a good outline for a public request for a
statement from them, IMO.
Cheers,
--
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org
More information about the liberationtech
mailing list