Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^8: Your random numbers are not that random (UtS,L)

by cavac (Chaplain)
on Jul 31, 2012 at 16:43 UTC ( #984621=note: print w/ replies, xml ) Need Help??


in reply to Re^7: Your random numbers are not that random (UtS,L)
in thread Your random numbers are not that random

You are right, of course.

Problem is, in cryptography there are probably only a handful of people worldwide for each algorithm that can actually tell you which parts of the system you can leave out and while only degrading the encryption product from "secure" to "still reasonable secure". Even a single, small error can lead to "not secure at all".

So, what i meant is, a non-specialist should assume that he/she can only turn the "secure" switch on and off but has probably not the knowledge to tweak it into a point somewhere inbetween.

As Dan Kaminsky said about the Debian SSL desaster (the non-randomness introduced to fix a memory access bug that wasn't one): "You know, it's not a private key if there's only 1 out of 65.000 of them". Youtube Video at 21:00. There is more on Dan's Blog.

"I know what i'm doing! Look, what could possibly go wrong? All i have to pull this lever like so, and then press this button here like ArghhhhhaaAaAAAaaagraaaAAaa!!!"


Comment on Re^8: Your random numbers are not that random (UtS,L)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://984621]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (6)
As of 2014-12-29 09:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (185 votes), past polls