Who pulls random numbers that aren't for crypto these days? Surely that's a very small minority and shouldn't be the focus here
Simulations and ML, games and reproducible testing. Latter can't use system random anyway. Cryptographically strong is fine for the first two too.
but open source celebrities are geniuses who need no other expert opinions /s
"AES keys are for symmetrical encryption and thus as such are short-lived. We're back to what Linus was saying about the fact that our urandom is already very good for such use cases, it should just not be used to produce long-lived keys (i.e. asymmetrical)."
Should take only 2**128*0.1/10**9/3600/24/365 = 1079028307080601418897 years to crack at 0.1ns per attempt. A blink of an eye to a code god.
"oh, don't even bother passing any flags, it's secure by default" That secure by default is sarcastically dismissed as a reasonable API *sigh*
I guess that explains why aes gcm with 128 bit keys is at the top of this cipher preference list then?
https://github.com/awslabs/s2n/blob/master/tls/s2n_cipher_preferences.c#L37 …
I read it as “People who know nothing about security do not deserve security” and it’s quite bold pic.twitter.com/4eGYuDbb08