Reply to post: Re: Possible deadly flaw - compromised software

Let's harden Internet crypto so quantum computers can't crack it

Adam 1

Re: Possible deadly flaw - compromised software

> For a closed source implementation (e.g. most Windows programs) there is a danger that a deliberately weakened random number generator is used.

It isn't just closed source with that risk by the way. The fact that such a vulnerability sat there compromising every generated random number on Debian for so many years* without anyone noticing is testament to that. It's also a pretty damn good lesson in 'comment your code if you're doing something that looks a bit unusual'. A simple explanatory comment would have stopped the 2008 'fix' being implemented.

* I don't personally believe this vulnerability was deliberately introduced.
