General

Profile

azet (Aaron Zauner)

  • Login: azet
  • Email: azet@azet.org
  • Registered on: 01/31/2012
  • Last sign in: 06/15/2016

Issues

| | open | closed | Total |
|---|---|---|---|
| Assigned issues | 0 | 0 | 0 |
| Reported issues | 0 | 1 | 1 |

Activity

06/16/2016

06:55 AM Ruby Bug #9569: SecureRandom should try /dev/urandom first
Shyouhei Urabe wrote:
> Everyone advocates their advantages. Maybe "OpenSSL should die" can be the only thing everyone agrees? Several also seem to agree that Linux kernel devs are toxic, but then I don't understand why they think it's...
azet (Aaron Zauner)

06/15/2016

12:03 PM Ruby Bug #9569: SecureRandom should try /dev/urandom first
Yui NARUSE wrote:
> Shyouhei Urabe wrote:
> ...
This uses `CryptGenRandom` on Windows (as does OpenSSL currently).
```
Historically, we always told developers not to use functions such as rand to generate keys, nonces and passwords...
```
azet (Aaron Zauner)

05/03/2016

03:11 PM Ruby Bug #9569: SecureRandom should try /dev/urandom first
Shyouhei Urabe wrote:
> Filippo Valsorda wrote:
> ...
I'm sorry but your statement is completely and utterly false.
Python2's stdlib uses `os.urandom`:
- https://docs.python.org/2/library/random.html
- there's even a big message...
azet (Aaron Zauner)

04/29/2016

08:43 AM Ruby Bug #9569: SecureRandom should try /dev/urandom first
A recent (2012) analysis of the RNG subsystem in the Linux Kernel can be found here: https://eprint.iacr.org/2012/251.pdf
The paper also describes, in detail, how `random` and `urandom` work. Apart from that, the code of the random ch...
azet (Aaron Zauner)

04/13/2016

09:02 AM Ruby Bug #9569: SecureRandom should try /dev/urandom first
There's now a new paper outlining RNG weaknesses in OpenSSL: https://eprint.iacr.org/2016/367.pdf
Again: Please switch to a proper RNG/seeding mechanism as suggested by multiple people earlier.
Thanks,
Aaron
azet (Aaron Zauner)

01/02/2016

03:11 PM Ruby Bug #9569: SecureRandom should try /dev/urandom first
The following is the output of your 'SecureRandom' construction vs. the Linux `/dev/urandom` facility:
http://nopaste.narf.at/show/EPVj9ETuMIcrCXKErsS6/
http://nopaste.narf.at/show/i0EJbkQrL3SXurfQZ524/
As you can see your RNG is ...
azet (Aaron Zauner)
10:18 AM Ruby Bug #9569: SecureRandom should try /dev/urandom first
Nobuyoshi Nakada wrote:
> SecureRandom without OpenSSL (or compatible alternatives) is nonsense.
You evidently have no idea what you are talking about. Why would you want to use the PRNG that's local to OpenSSL? It can fail in many w...
azet (Aaron Zauner)
01:48 AM Ruby Bug #9569: SecureRandom should try /dev/urandom first
Hi,
This still seems to be the case according to the code available on GitHub.
I urge the core team to move to `/dev/urandom`. It is an urban legend (as Thomas Ptacek notes in the sockpuppet.org blog post referenced two years ago) ...
azet (Aaron Zauner)

01/31/2012

12:33 AM Ruby Bug #5950 (Closed): open-uri: https redirect fix
open-uri raises an exception if a http/s redirect refers to https.
original mail to the maintainer with a quickfix: https://gist.github.com/1704932
--snip--
# this is taken from the original ruby open-uri class,
# fixed this to...
azet (Aaron Zauner)
