by er4hn
796 days ago
This appears to be a State Compromise Extension Attack (https://en.wikipedia.org/wiki/Random_number_generator_attack) which is something that PRNGs that are not CSPRNGs can be subject to. At this point it feels like having PRNGs be defaults is just not that safe of a thing to offer in libraries. Like defaulting to allow TLSv1.0 or blowfish in 2024.
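The point about non-CSPRNG defaults, as an added example that is not part of the comment above: Python's default `random.Random` is MT19937, and its tempering step is invertible, so a second instance that has merely watched 624 consecutive 32-bit outputs can recover the full internal state and reproduce every later output. `secrets.SystemRandom` has no readable state at all. The seed value, the `untemper`/`clone_from_outputs` helper names and the check functions are this example's own constructions.

```python
# Added example (not from the comment above): demonstrates why a non-CSPRNG
# default is unsafe. Python's random.Random is MT19937; its tempered 32-bit
# outputs can be inverted to recover the internal state, so an observer of
# 624 consecutive outputs can predict every later output. secrets.SystemRandom
# exposes no recoverable state, so the same check cannot even be attempted.
import random
import secrets

MASK32 = 0xFFFFFFFF
N = 624  # MT19937 state size in 32-bit words


def _unshift_right_xor(y: int, shift: int) -> int:
    """Invert y ^= y >> shift (top `shift` bits are already correct; iterate down)."""
    result = y
    for _ in range(32 // shift + 1):
        result = y ^ (result >> shift)
    return result & MASK32


def _unshift_left_xor_mask(y: int, shift: int, mask: int) -> int:
    """Invert y ^= (y << shift) & mask (low `shift` bits are already correct; iterate up)."""
    result = y
    for _ in range(32 // shift + 1):
        result = y ^ ((result << shift) & mask)
    return result & MASK32


def untemper(y: int) -> int:
    """Invert the MT19937 tempering step, recovering one raw state word."""
    y = _unshift_right_xor(y, 18)
    y = _unshift_left_xor_mask(y, 15, 0xEFC60000)
    y = _unshift_left_xor_mask(y, 7, 0x9D2C5680)
    y = _unshift_right_xor(y, 11)
    return y


def clone_from_outputs(outputs):
    """Build a generator whose state equals the one that produced `outputs`."""
    if len(outputs) != N:
        raise ValueError(f"need exactly {N} consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # Index N means "twist before the next output", which is exactly where the
    # observed generator is after emitting a full block of N words.
    clone.setstate((3, state + (N,), None))
    return clone


def mt_is_predictable(seed: int = 1234, lookahead: int = 10) -> bool:
    """Observe N outputs of a seeded MT19937, clone it, and check the next `lookahead`."""
    victim = random.Random(seed)  # constructed seed; any value behaves the same
    observed = [victim.getrandbits(32) for _ in range(N)]
    clone = clone_from_outputs(observed)
    return all(clone.getrandbits(32) == victim.getrandbits(32) for _ in range(lookahead))


def csprng_exposes_state() -> bool:
    """secrets.SystemRandom has no readable or settable state to compromise."""
    try:
        secrets.SystemRandom().getstate()
    except NotImplementedError:
        return False
    return True


if __name__ == "__main__":
    print("MT19937 next outputs predicted from 624 observed:", mt_is_predictable())
    print("SystemRandom state readable:", csprng_exposes_state())
```

The practical takeaway for a library author is the comparison between the two checks: anything derived from `random` (tokens, session ids, nonces) is reproducible by whoever sees enough of its output, whereas `secrets` draws from the OS CSPRNG and offers no state to read or set.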