On Tue, 20 May 2008, Richard Salz wrote:

> > on the other hand it may be a known plaintext attack.
> 
> Using those words in this context makes it sound that you not only don't 
> understand what is being discussed right here and now, but also that you 
> don't understand the term you just used. Are you sure you understood, 
> e.g., Ted Tso's postings in this thread? Perhaps I'm missing something, 
> but can you show me something that talks about known plaintext attacks in 
> the context of hashing/digests?

Yes, I abused the term.

The so-called "uninitialized" data is actually from the stack, right? An 
attacker generally controls that (i.e. earlier use of the stack probably 
includes a char buf[] which is controllable). I don't know in what order 
the entropy is added to the PRNG, but if all the useful entropy goes in 
first then an attacker might get to control the last 1KiB passed through 
the SHA1.

Yes, it's unlikely given what we know today that an attacker could 
manipulate the state down to a sufficiently small number of outputs, but I 
really don't see the point of letting an attacker have that sort of 
control.

-dean
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]