You are here


Passwords and Entropy

Entropy with decimal diceMy friend and colleague Al Dowd pointed me to Troy Hunt's blog post last April on password entropy.

Post category: 

That's not a one-time pad!

It's amazing how subtle a one-time pad really is. On one level they're deceptively simple: you simply match up the text of your message with a collection of "random bits" you share with the recipient. To decrypt, the recipient matches up a copy of those "random bits" to retrieve the message.

The trick is in the definition of "random bits."

Post category: 

Are 32,768 different keys enough?

This is one for the books. Several OpenSSL implementations, including Denbian and its children, including Ubuntu, have been crippled since September 2006. It's described on the metasploit web site.

The pseudo-random number generator (PRNG) was broken such that it only used the Unix process ID as the unchanging random input to the generator process. In other words, these security packages could not generate more than 32,768 different keys (since there were only 32,768 different process IDs on Unix).

Post category: 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer