.@landonfuller That's the cryptographic equivalent of leaving brown liquid high-level nuclear waste sitting around in sealed Coke bottles.
@mikeash @landonfuller I like to think both of you wear white lab coats while programming
@rob5408 @landonfuller Only sometimes.
@landonfuller Okay, that’s downright *dangerous*. arc4random() is documented as cryptographic, rand() is documented as hopelessly useless…
@landonfuller @mikeash a lot of things were clearly put together hastily. This is why they Open Sourced it, PRs are welcome.
@galambalazs @landonfuller "Build in haste, then fix" is just not a model that works for security-critical code.
@mikeash @landonfuller You're right a 100%. I can just see how MS faced the decision of doing it now vs let's say 1 year from now.
@galambalazs @landonfuller The thing is, borrowing a secure arc4random implementation would be no more effort.
@mikeash @landonfuller Yeah that's why I said you guys could send a PR. It's another way of showing how easy the fix is :-)
@galambalazs @landonfuller If MS would like us to audit the whole thing, I'd be happy to send them our rates.
Landon Fuller
mikeash
rob5408
Gwynne Raskind
Balázs Galambosi