Re: Local press writes about the [removed]

From: Shelly Hermia Bhujun <shelly_hermia_at_hotmail.com>
Date: Tue, 11 Apr 2017 04:25:36 +0000


Hello SM,

Why was the part of the subject replaced by [removed]? I read the article you and Ish are talking about. The [removed] part was mentioned in the article, then why not here?

Kind regards,
Shelly


________________________________
From: mauritius-internet-users-bounce_at_lists.elandnews.com <mauritius-internet-users-bounce_at_lists.elandnews.com> on behalf of S Moonesamy <sm+mu_at_elandsys.com>
Sent: Tuesday, April 11, 2017 1:25:08 AM
To: Ish Sookun
Cc: mauritius-internet-users_at_lists.elandnews.com
Subject: Re: Local press writes about the [removed]

Hi Ish,
At 11:47 10-04-2017, Ish Sookun wrote:
>I saw your comment [1] on twitter about this catchy title by a press in
>Mauritius about defying the [removed]. You asked
>whether it is about RC4 and the answer was affirmative. Your next tweet
>includes a link [2] to the version control repository of FreeBSD. Did I
>understand well that the patch for 'arc4random.c' is suggested as a
>bandaid [3]?

I sometimes read the local tech-related news articles. I asked the
journalist whether it was about RC4 as the news article did not
contain the technical details which I was interested in. The patch
is described as a bandaid as RC4 is no longer recommended and because
OpenBSD has already switched from RC4 to ChaCha20. I was interested
in where the patch came from; it was from FreeBSD.

>I had a glance at the paper [4] by Ilya Mironov in which he proposed
>dumping at least the first 512 bytes of the RC4 stream cipher output.
>
>I imagine your tweet intended a *pun* but I am not sure which it was,
>the bandaid part (which means the patch is just temporary, until a
>stronger pseudorandom number generator is used) or is it completely
>missing due credits to Ilya Mironov?

My tweet was a simple question. As I received a reply I provided a
link in case anyone was interested in RC4. There is an academic
paper [1] from 2001 about the RC4 security issue. I wondered about
whether it was worthwhile to provide a temporary patch instead of
porting code which is already available from OpenBSD. There was also
a short discussion on a FreeBSD mailing list in March about the
issue. I didn't mention all that as nobody was interested in a
technical discussion [2] of the topic.

Regards,
S. Moonesamy

1. http://dl.acm.org/citation.cfm?id=694759
2. I also read about
https://lists.freebsd.org/pipermail/svn-src-head/2015-February/068405.html
Received on Tue Apr 11 2017 - 04:25:55 PST