Hi, regarding: http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html?
I read somewhere this is a simple configuration file change. RSA says: https://blogs.rsa.com/news-media-2/nist-guidance-statement/ We are now working with customers to ensure they are using the strongest and safest cryptographic methods possible. "Customers"? Not us! Anyone got details? Or PoC? I'm guessing it is this file: <jre>/lib/security/java.security Looking at this: https://developer-content.emc.com/docs/rsashare/share_for_java/1.1/dev_guide/group__LEARNJSSE__RANDOM__ALGORITHM.html NONE of the RNGs appear to use real random bits. Absurd. -- http://www.subspacefield.org/~travis/ "Gobsmacked"
pgp76L32EtoMq.pgp
Description: PGP signature
_______________________________________________ RNG mailing list [email protected] http://lists.bitrot.info/mailman/listinfo/rng
