On Thursday, November 03, 2011 11:42 AM, "Stefan Sperling" <stsp_at_elego.de> wrote:
> On Thu, Nov 03, 2011 at 12:01:58PM +0200, Daniel Shahaf wrote:
> > Something tells me that when a cryptographic protocol calls for random
> > numbers then a quasiconstant or known value wouldn't do instead.
>
> Put more bluntly, if protocol designers bothered with putting a random
> number into their protocol, implementors must assume that designers had
> a good reason for the number to be *random*. Using the current time instead
> of a random number is breaking the protocol implementation.
>
> I mean, seriously, it's not like Debian didn't have a track record
> of breaking security with custom patches. Remember the ssh keys debacle?
> I am amazed to learn such a patch exists in Debian's Subversion packages.
> I think this patch should be pulled from Debian's Subversion packages
> immediately.
>
Yes, in general if you don't know why a random number was used you'd
better not make it any less random. But please don't rush to
conclusions without studying the concrete protocol.
Received on 2011-11-03 11:53:38 CET