lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Dec 2010 03:53:52 -0600 From: Marsh Ray <marsh@...endedsubset.com> To: coderman <coderman@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: how i stopped worrying and loved the backdoor > "I agree that there's a good paper in this, I would love to see the > entropy added by the multi-consumer model quantified, or even an upper > bound placed on it. In the past when I've given my talk on randomness > in the OpenBSD network stack, I've discussed this and I always ask for > someone to come forward with such a paper. So there are these many hundreds of lines of entropy management code in OpenBSD implementing what is claimed to be a novel architecture for random number generation and yet this guy, who is going around giving talks on it, is expecting someone else to quantify it and "come forward with a paper"? This is the kind of stuff that just doesn't make a bit of sense. > Unfortunately I don't get the impression that the amateur cryptographers > questioning the OpenBSD PRNG are qualified to produce such a paper (if > they were, they wouldn't be mailing here, they'd be submitting it to > real cryptographers for peer review)" The burden of proof lies with the "amateur cryptographers" making the security claims about it, not those questioning them. - Marsh _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists