Re: [Hampshire] OpenSSL in Debian is broken

Top Page

Reply to this message
Author: Nick Chalk
Date: 2008-05-15 21:11 -000
To: hampshire
Subject: Re: [Hampshire] OpenSSL in Debian is broken
Hugo Mills <hugo@???> wrote:
> On Wed, May 14, 2008 at 11:02:58PM +0000, Nick
> Chalk wrote:
>> I'm no cryptanalyst - or mathematician - so
>> I'll try to dig up an archive of the
>> discussion.
> Could be interesting (or scary, or both).

I think this was the thread:

Steven Bellovin's reply is a good summary:

This one's good, too:

"> But how should they do it?

    Very carefully.

    Picking random numbers is far too important to
    be left to chance."

Another interesting thread on the same theme:

A thread discussing an analysis of Linux's RNG:
including a scary metric by the name of

>> I have a vague recollection that part of
>> argument was about sequence repetition.
> That's covered by Chris's definition

You see? I said I'm not a mathematician. :-)


Nick Chalk ................. once a Radio Designer
Confidence is failing to understand the problem.