ns
>
> Kai Michaelis, Christopher Meyer and Jörg Schwenk - Ruhr Uni Bochum
>
> Abstract: This paper investigates the Randomness of several Java Run-time
> Libraries by inspecting the integrated Pseudo Random NumberGenerators.
> Significant weaknesses in different libraries including An-
AppOutputStream.java:108)
... 3 more
We only tested this with 1024, 2048, 4096 bit keys.
Maybe a simple length check inside the expand function could solve the issue.
Regards,
Chris
__
Dipl.-Ing. Christopher Meyer
Horst Görtz Institute for IT-Sec
rds,
> Sean
>
> On 24/02/12 14:09, Seán Coffey wrote:
> > thanks for raising this point Chris.
> >
> > we certainly don't want any windows for such an attack. I'll revisit
> > this.
> >
> > regards,
> > Sean.
> >
> > O
s
Blog on Java security and related topics:
armoredbarista.blogspot.com
__
Dipl.-Ing. Christopher Meyer
Horst Görtz Institute for IT-Security
Chair for Network and Data Security
Ruhr-University Bochum, Germany
Universitätsstr. 150, ID 2/415
D-44801 Bochum, Germany
h
