I'm not sure I understand the point of libraries protecting against broken PRNG. At some point there will always be an attack if a PRNG is misbehaving. During the key exchange, after X generations, etc... so what's the point of protecting against that if you can't eventually?
It seems like a light "defense in depth" mechanism that is most often not going to be enough against cryptographic attacks. Things like SIV seem to target developer mistakes rather than faulty PRNG.
If the hardware has no persistent memory, no clock, no source of entropy, give developers solutions. Even if they are not optimal. Don’t blame developers for “mistakes”.