Post AwauQQcLDlFlJhLvXs by joshbressers@infosec.exchange
 (DIR) More posts by joshbressers@infosec.exchange
 (DIR) Post #AwaoMp7JaghuPwjpdg by joshbressers@infosec.exchange
       2025-07-28T12:52:11Z
       
       0 likes, 0 repeats
       
       I'm starting to think any random number generator that doesn't generate cryptographically secure values is a security vulnerability
       
 (DIR) Post #AwaoMqUkT32ugui3ns by simplenomad@rigor-mortis.nmrc.org
       2025-07-28T12:58:32Z
       
       0 likes, 0 repeats
       
       @joshbressers Well, of course. And actual real random number generation is hard to do, at least at the level of say a three letter agency requires.That was the point of my Nearly Perfect Crypto project, that it was “nearly” perfect….https://www.markloveless.net/blog/2025/7/15/ultimate-encryption-solution
       
 (DIR) Post #AwauQQcLDlFlJhLvXs by joshbressers@infosec.exchange
       2025-07-28T14:06:26Z
       
       0 likes, 0 repeats
       
       @simplenomad Yeah, I get that, but there's also a difference between the current default RNG vs "this isn't the worst thing we could think of" :)
       
 (DIR) Post #Awct5cdpbqZAtCU6Wu by simplenomad@rigor-mortis.nmrc.org
       2025-07-29T13:00:53Z
       
       0 likes, 0 repeats
       
       @joshbressers Convincing people to take /dev/urandom vs "something we thought of" gets back into that PEBKAC scenario... 😉