On Sat, Jul 29, 2017 at 1:30 PM, Dan Brown <danibr...@blackberry.com> wrote:
> Section 3, of the eprint "Ron is wrong, Whit is right", subsection
> "Moduli with shared primes", suggests to me that it's not unlikely when
> seeding two secrets near in time, one has low entropy (by accident). That's
> not the only explanation of the observed shared primes, but is plausible
> and relevant to the question at hand. (I thought I mentioned this earlier.)
>

If the PRNGs produce identical output, that is bad, but that seems easy to protect against: check that the seeds are actually different. This is also what personalization strings are designed to protect against.

--
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
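The two safeguards named in the reply above (checking that seeds differ, and personalization strings), shown as an added example that is not part of the original thread. It uses HMAC_DRBG from NIST SP 800-90A as the generator; the class name `HmacDrbg`, the `seen` registry, the personalization labels and the all-zero seed values are assumptions constructed for illustration.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG with SHA-256 after NIST SP 800-90A (instantiate and generate only)."""

    def __init__(self, entropy, nonce, personalization=b"", seen=None):
        seed_material = entropy + nonce + personalization
        if seen is not None:
            # Hypothetical guard: refuse seed material already used by this process.
            tag = hashlib.sha256(seed_material).digest()
            if tag in seen:
                raise ValueError("seed material was already used")
            seen.add(tag)
        self.key = b"\x00" * 32
        self.value = b"\x01" * 32
        self._update(seed_material)

    def _mac(self, data):
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided=b""):
        self.key = self._mac(self.value + b"\x00" + provided)
        self.value = self._mac(self.value)
        if provided:
            self.key = self._mac(self.value + b"\x01" + provided)
            self.value = self._mac(self.value)

    def generate(self, nbytes):
        out = b""
        while len(out) < nbytes:
            self.value = self._mac(self.value)
            out += self.value
        self._update()
        return out[:nbytes]


# Constructed sample input: two generators seeded close in time get the same weak seed.
ENTROPY = bytes(32)
NONCE = bytes(16)


def same_seed_collides():
    return HmacDrbg(ENTROPY, NONCE).generate(32) == HmacDrbg(ENTROPY, NONCE).generate(32)


def personalization_separates():
    p = HmacDrbg(ENTROPY, NONCE, b"device-A/rsa-key").generate(32)
    q = HmacDrbg(ENTROPY, NONCE, b"device-B/rsa-key").generate(32)
    return p != q
```

A personalization string keeps two instances from emitting the same stream, but it adds no entropy: anyone who knows the string and the weak seed can still reproduce the output.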