Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how i stopped worrying and loved the backdoor

From: Marsh Ray <marsh () extendedsubset com>
Date: Fri, 24 Dec 2010 03:53:52 -0600
"I agree that there's a good paper in this, I would love to see the
entropy added by the multi-consumer model quantified, or even an upper
bound placed on it.  In the past when I've given my talk on randomness
in the OpenBSD network stack, I've discussed this and I always ask for
someone to come forward with such a paper.


So there are these many hundreds of lines of entropy management code in 
OpenBSD implementing what is claimed to be a novel architecture for 
random number generation and yet this guy, who is going around giving 
talks on it, is expecting someone else to quantify it and "come forward 
with a paper"?

This is the kind of stuff that just doesn't make a bit of sense.


Unfortunately I don't get the impression that the amateur cryptographers
questioning the OpenBSD PRNG are qualified to produce such a paper (if
they were, they wouldn't be mailing here, they'd be submitting it to
real cryptographers for peer review)"


The burden of proof lies with the "amateur cryptographers" making the 
security claims about it, not those questioning them.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: