|
|
|
|
|
|
by jpalomaki
4660 days ago
|
|
|
If I remember right, the original reasoning why this could be a problem was something along the lines: You are using sources s1, s2, s3. Then final result is combination c(s1,s2,s3). Now somebody screws up something and the sources s1 and s2 start returning just constant values. If you were just using s1 and s2 you would immediately notice this. However since you are combining all three, you are getting something that looks good but what might not be really secure if the source s3 is compromised. (I think this came up in some HN discussion some weeks ago) I'm not familiar with the Linux implementation so I don't know if this has any meaning there. |
|
|