by XorNot
4659 days ago
Who the christ is feeding the output of /dev/random for its use as a cryptographic function without checking that what they read is in fact NOT just a stream of zeroes? Because that's an outcome which can happen from any truly random number generator just by chance - it's unlikely, but not unreasonable. Hence debiasing and the like.

Also, they might leave some randomness in, but it can be a small enough amount of entropy that it would still render crypto keys vulnerable.