Talk:CryptGenRandom

Latest comment: 16 years ago by ArnoldReinhold in topic Better explanation of the possible loop hole needed

Better explanation of the possible loop hole needed

edit

Could someone please write better chapter about the controversy, I just added a "placeholder" for it. Atuomi 21:46, 15 November 2007 (UTC)Reply

It's already in the article (this is the Hebrew University attack).
We do need more detail on the attack, but it's probably inappropriate to speculate ("shadow of a doubt") until that detail is there. In particular: these attacks may or may not apply to the CSPRNG shipped in XP and Vista, and are a basic issue with usermode CSPRNGs in general, as well as with CSPRNGs built around stream ciphers with short keys (like RC4). --- tqbf 22:07, 15 November 2007 (UTC)Reply
The attack has nothing to do with short keys. RC4, in fact, allows quite long keys, up to 2048 bits. The problem with RC4 is that it can be run backwards, compromising past numbers generated with modest work. Also running in user mode would not be such a problem if entropy was added more frequently. Finally, in the Slashdot thread, someone who claimed to be from Microsoft said the problem was known and fixed in XP and Vista. That's far from a reliable source, but it is enough, I think, to remove the speculation about the bug affecting later versions of Windows, which I've done.--agr 22:42, 15 November 2007 (UTC)Reply
Maybe at least leave the news link at the end? -- Atuomi 22:10, 15 November 2007 (UTC)Reply
Why? The article already has an entire subsection sourced authoritatively. --- tqbf 22:15, 15 November 2007 (UTC)Reply
Because the news link was perhaps more accessible to people with less technical understanding. But you are right, it is sourced appropriately. -- Atuomi 22:22, 15 November 2007 (UTC)Reply
I put a bit more work into the section. Maybe it could use a sentence on the news coverage the attack got? If you missed the section, lots of other people might too. It'd be great if you can flag things that don't make sense (maybe a {{clarifyme}} tag here and there?) --- tqbf 22:26, 15 November 2007 (UTC)Reply
Sure, I'll check it out. Maybe the title could be revised to point out more that it is a possible problem. When I read it, I thought it's just a validation analysis, and not a problem as per such. Maybe something like 'Hebrew University Cryptoanalysis shows problems'? -- Atuomi 22:40, 15 November 2007 (UTC)Reply
That would probably read more like a news hed than an encyclopedia subhed, but I'm open to other titles. --- tqbf 22:45, 15 November 2007 (UTC)Reply

I added a brief mention to the article intro.--agr 23:04, 15 November 2007 (UTC)Reply

SHA-1 weakness reference needed

edit

I've tagged this sentence - "As an example, weaknesses in the SHA1 hash function, which was created by the U.S. National Security Agency and certified by NIST, were only discovered in 2005, 12 years after the algorithm was published." - as "citation needed" - not because I don't believe it, but merely because it's an unverified statement for which I imagine there must be a good reference we could use. I'd sure like more information on the analysis and fallout from this so that I could compare it to the CryptGenRandom concerns.--ParanoidMike 19:43, 27 August 2007 (UTC)Reply

"Microsoft recommends its use in all software where random number generation is desired."

edit

Sounds very un-NPOVish. Microsoft also recommends other operating systems to copy UAC, but nobody's taking them seriously. --Mike 18:59, 2 September 2007 (UTC)Reply

I think Microsoft suggesting how best to use Microsoft software is very different from Microsoft telling other OSs what to do. --agr 01:31, 3 September 2007 (UTC)Reply
This is not NPOV, this is API documentation. MSFT isn't making recommendations on how to use OpenSSL; they're saying that developers shouldn't write their own PRNGs when doing W32 crypto. --- tqbf 17:40, 12 November 2007 (UTC)Reply
I'm not sure what the issue is here. We are not endorsing Microsoft's position. I read the sentence as establishing the importance of CryptGenRandom. Maybe some other wording might be better.--agr 17:56, 12 November 2007 (UTC)Reply
It's pretty clear the way it is, and I don't think it should change. I may have resurrected a dead argument by replying to this, sorry. --- tqbf 18:02, 12 November 2007 (UTC)Reply

Hebrew University Cryptanalysis

edit

This deserves its own subsection of the article, which will also solve clumsiness and NPOV issues with threading it through the text. It's a cool paper, and it should be a focal point of the article, but it shouldn't be a factor in every single graf.

--- tqbf 17:44, 12 November 2007 (UTC)Reply