Richard Pieri wrote:
> This assumes a truly random spread. Computers don't do truly random
> numbers.

Just found this courtesy of slashdot. I haven't been keeping up with the MIT news or I would have spotted this yesterday.

http://web.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html

One practical upshot of this is that the probability of repeat collisions is 1 in 2^(n-x) where "x" represents how not quite cryptographically random the PRNG used really is. This leads to another point and another slashdot article. Just because you have good tools (or good enough tools) does not mean you auto-magically get good results:

http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html

"We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG."

That's on the root cause of the recent Android Bitcoin theft.

--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
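
An added example, not part of the original message and not Android's SecureRandom code: a constructed model of the point above, in which n-bit tokens derived from a seed carrying only n-x bits of entropy repeat as often as (n-x)-bit values would. The token size, seed size, sample count and all function names are assumptions chosen for illustration.

```python
import hashlib
import math
import random
import secrets

TOKEN_BYTES = 16  # n = 128-bit tokens (assumed size for this illustration)

def weak_token(seed_bits, rng):
    """Model a 128-bit token from a PRNG whose seed holds only seed_bits of entropy.

    The output looks like 128 random bits, but only 2**seed_bits distinct
    values can ever be produced, so seed_bits plays the role of n - x.
    """
    seed = rng.getrandbits(seed_bits)
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:TOKEN_BYTES]

def strong_token():
    """128-bit token drawn from the operating system CSPRNG."""
    return secrets.token_bytes(TOKEN_BYTES)

def count_repeats(tokens):
    """Number of tokens that duplicate an earlier token in the list."""
    return len(tokens) - len(set(tokens))

def birthday_collision_probability(samples, effective_bits):
    """Birthday approximation: P(at least one repeat) among `samples`
    uniform draws from a space of 2**effective_bits values."""
    pairs = samples * (samples - 1) / 2
    return -math.expm1(-pairs / 2 ** effective_bits)

def simulate(samples=2000, seed_bits=16, trial_seed=1):
    """Generate `samples` weak and strong tokens; return their repeat counts."""
    rng = random.Random(trial_seed)  # fixed seed so the constructed run is reproducible
    weak = [weak_token(seed_bits, rng) for _ in range(samples)]
    strong = [strong_token() for _ in range(samples)]
    return count_repeats(weak), count_repeats(strong)

if __name__ == "__main__":
    weak_repeats, strong_repeats = simulate()
    print("repeats with a 16-bit seed:", weak_repeats)
    print("repeats with the OS CSPRNG:", strong_repeats)
    print("P(repeat), 16 effective bits :", birthday_collision_probability(2000, 16))
    print("P(repeat), 128 effective bits:", birthday_collision_probability(2000, 128))
```

Checking generated keys or nonces for duplicates across devices, as `count_repeats` does here, is a cheap way to notice a badly seeded generator in the field.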
