[cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jul 13 03:43:45 EDT 2013


William Yager <will.yager at gmail.com> writes:

>It's nice that you can be so cavalier about this, but if your system's RNG is
>fundamentally broken, it doesn't really matter so much whether your other
>stuff is well-programmed or not. 

Well I'm not sure what thread you're coming in from, but the current one was
about the issue of unnecessary paranoia about MIBs backdooring CPUs (and
their RNGs).  Good RNG design is an entirely different issue, see e.g.
https://www.usenix.org/legacy/publications/library/proceedings/sec98/gutmann.html.

>At least if my web browser is remotely exploitable, it doesn't break my disk
>encryption software, GPG, SSH, every other web browser I'm using, and pretty
>much every crypto appliance on my machine.

If your browser is remotely exploitable then it breaks everything on what used 
to be your machine.

Peter.


