On Thu, 15 May 2008, Bodo Moeller wrote:
> On Thu, May 15, 2008 at 11:41 PM, Erik de Castro Lopo > <[EMAIL PROTECTED]> wrote: > > Goetz Babin-Ebell wrote: > > >> But here the use of this uninitialized data is intentional > >> and the programmer are very well aware of what they did. > > > The use of unititialized data in this case is stupid because the > > entropy of this random data is close to zero. > > It may be zero, but it may be more, depending on what happened earlier > in the program if the same memory locations have been in use before. > This may very well include data that would be unpredictable to > adversaries -- i.e., entropy; that's the point here. on the other hand it may be a known plaintext attack. what are you guys smoking? -dean ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]