Comments on: Don’t Trust Automated Software Development Tools Too Much! http://www.to-tech.com/blog/2008/05/20/dont-trust-automated-software-development-tools-too-much/ Todd Ogasawara's Tech Blog Tue, 06 Jan 2009 20:57:28 +0000 http://wordpress.org/?v=2.7 hourly 1 By: todd http://www.to-tech.com/blog/2008/05/20/dont-trust-automated-software-development-tools-too-much/comment-page-1/#comment-41999 todd Sun, 14 Sep 2008 04:05:30 +0000 http://www.to-tech.com/blog/?p=126#comment-41999 Tel: You missed the point of the problem. The unknown state was used ON PURPOSE to help generate randomness. The issue is that blind use of automated tools can lead to problems like this one. Tel: You missed the point of the problem. The unknown state was used ON PURPOSE to help generate randomness. The issue is that blind use of automated tools can lead to problems like this one.

]]> By: Tel http://www.to-tech.com/blog/2008/05/20/dont-trust-automated-software-development-tools-too-much/comment-page-1/#comment-41945 Tel Fri, 12 Sep 2008 16:23:07 +0000 http://www.to-tech.com/blog/?p=126#comment-41945 I vote with valgrind on this one. If you use memory in C before initialization then you violate the language specification and the program can crash (and still be considered within spec). More than that: * regression testing is impossible with programs that can't pass valgrind (and regression testing can be very useful) * entropy gained by the OpenSSL method might work most of the time, but some days might not be there (for no particular reason) * it opens a potential vector for an attacker to manipulate your random pool using input data from somewhere else * it makes programs difficult to debug when they link to the OpenSSL library, thus programs using GnuTLS will get debugged more carefully and work better * having something that introduces a little bit of entropy with no guarantees is a false sense of security and hides genuine problems (better to have it obviously broken) I vote with valgrind on this one. If you use memory in C before initialization then you violate the language specification and the program can crash (and still be considered within spec). More than that:

* regression testing is impossible with programs that can’t pass valgrind (and regression testing can be very useful)

* entropy gained by the OpenSSL method might work most of the time, but some days might not be there (for no particular reason)

* it opens a potential vector for an attacker to manipulate your random pool using input data from somewhere else

* it makes programs difficult to debug when they link to the OpenSSL library, thus programs using GnuTLS will get debugged more carefully and work better

* having something that introduces a little bit of entropy with no guarantees is a false sense of security and hides genuine problems (better to have it obviously broken)

]]>