|
You are here |
www.isc.org | ||
| | | | |
sashadu.wordpress.com
|
|
| | | | | Lets assume you develop software product or project. At some point your customer will ask you - what about security? How can we be sure your product is secure? Do you follow some best practices or guidelines? Are you certified? In order to provide satisfying answer to these questions, you should implement what is called... | |
| | | | |
rdist.root.org
|
|
| | | | | Travis Goodspeed has continued finding flaws in TI microcontrollers, branching out from the MSP430 to ZigBee radio chipsets. A few days ago, he posted a flaw in the random number generator. Why is this important? Because the MSP430 and ZigBee are found in many wireless sensor systems, including most Smart Meters. Travis describes two flaws:... | |
| | | | |
jens.mooseyard.com
|
|
| | | | | Jens Alfke's Weblog | |
| | | | |
negativesign.com
|
|
| | | This one hits close to home. I can't imagine how the NIST staff involved in creating SP 800 (and more specifically, the SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation...bit) must feel. First of all, given the definition of a deterministic system, the title itself gives me pause. Maybe there's some next-level random number theory described in the standard, but I'm not sure I'd ever want a random number generator to exhibit deterministic behavior. | ||