RT @tqbf: It’s not crazy for OpenSSL to redesign and simplify its CSPRNG. It is silly to make it MORE complicated. https://github.com/openssl/openssl/pull/3758
I offered to PR a fork-safe DRBG that we've formally verified, but bad faith from poisonous lunatics on openssl-prng made me give up.
I think it's a different world now. Please get in touch. And I'm sorry.
Happy to go again. Is there a particularly good PR or Issue to put some observations/references/thoughts in?
I replied to the cryptography@ thread with links, proofs and rationale for the s2n design. You've been getting some undeserved hate there!
Look forward to reading your post. It wouldn't be the Internet without undeserved hate; I can handle it.
http://www.metzdowd.com/pipermail/cryptography/2017-June/032361.html for the twitter gallery.
Orthogonally: of the stuff you painstakingly verified for s2n’s RNG: which map to actual security failures in real CSPRNGs?
I value our test cases ( https://github.com/awslabs/s2n/blob/master/tests/unit/s2n_random_test.c ), and our state machine model much more highly, which tackle fork safety.
For me the value of the formal proof is not having to repeat the millions of hours of randomness testing that has been done on AES_CTR_DRBG.
On coding errors: there are no test-vectors for DRBG state post a size-limit-forced reseed. Have asked. For now, proof is main assurance.
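An added example, not code from this thread and not the s2n or OpenSSL implementation: a toy Python generator that makes the fork-safety problem discussed above visible (after fork() the child inherits the parent's DRBG state and emits the same bytes), alongside a variant that notices the pid change and reseeds, plus a request-count reseed of the kind the last tweet's "size-limit-forced reseed" refers to. The class and function names (ToyDRBG, ForkSafeDRBG, fork_outputs_collide, reseed_interval) are hypothetical, and the SHA-256-of-counter construction is a stand-in for a real CTR_DRBG, chosen only so the state-handling bug is easy to see.

```python
import hashlib
import os
import struct


class ToyDRBG:
    """out_i = SHA-256(key || counter_i); reseed from the OS every `reseed_interval` requests.

    Stand-in for a CTR_DRBG-style generator (not a conforming DRBG, not for real keys).
    The request-count limit mirrors the reseed_counter idea: after enough requests the
    state is thrown away and refilled from the OS.
    """

    def __init__(self, seed=None, reseed_interval=1 << 20):
        self.reseed_interval = reseed_interval
        self.reseed(seed)

    def reseed(self, seed=None):
        # seed=None means "pull fresh entropy from the OS"; a fixed seed is for tests only.
        self.key = seed if seed is not None else os.urandom(32)
        self.counter = 0
        self.requests = 0

    def generate(self, nbytes):
        if self.requests >= self.reseed_interval:
            self.reseed()  # size/request-limit-forced reseed
        self.requests += 1
        out = bytearray()
        while len(out) < nbytes:
            block = hashlib.sha256(self.key + struct.pack(">Q", self.counter)).digest()
            self.counter += 1
            out += block
        return bytes(out[:nbytes])


class ForkSafeDRBG(ToyDRBG):
    """Same generator, but remembers which process seeded it and reseeds in any other."""

    def reseed(self, seed=None):
        super().reseed(seed)
        self.owner_pid = os.getpid()

    def generate(self, nbytes):
        if os.getpid() != self.owner_pid:
            # We are the child of a fork(): the inherited key/counter are shared with the
            # parent, so discard them and start from fresh OS entropy.
            self.reseed()
        return super().generate(nbytes)


def fork_outputs_collide(rng, nbytes=32):
    """Fork, draw `nbytes` in both parent and child, and report whether they are identical.

    True means the two processes would hand out the same "random" bytes (e.g. the same
    TLS nonce or key) after a fork, which is the failure a fork-safe DRBG must prevent.
    """
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: send our output to the parent and exit without cleanup
        os.close(r)
        os.write(w, rng.generate(nbytes))
        os._exit(0)
    os.close(w)
    parent_out = rng.generate(nbytes)
    child_out = b""
    while len(child_out) < nbytes:
        chunk = os.read(r, nbytes - len(child_out))
        if not chunk:
            break
        child_out += chunk
    os.close(r)
    os.waitpid(pid, 0)
    return parent_out == child_out


if __name__ == "__main__":
    print("naive generator collides after fork:", fork_outputs_collide(ToyDRBG()))
    print("pid-checking generator collides after fork:", fork_outputs_collide(ForkSafeDRBG()))
```

The pid comparison is the simplest fork detector and is enough to show the failure mode, but pids can be reused, so production libraries prefer fork handlers registered with pthread_atfork (os.register_at_fork in Python) or kernel help such as MADV_WIPEONFORK on Linux, which zeroes the DRBG state in the child so inherited state can never be used. The request-count reseed is also where the missing test vectors the last tweet mentions would bite: a test that only checks output before the limit never exercises the state transition at the reseed boundary.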