[erlang-questions] Yaws security alert - Yaws 1.93

Richard O'Keefe ok@REDACTED
Thu Jun 21 02:45:57 CEST 2012


On 21/06/2012, at 9:17 AM, Claes Wikstrom wrote:
> The problem is much deeper, it's the random algorithm itself. It's said that
> it's cryptographically weak - now I've seen how weak. Very weak.

The algorithm is AS183, the Wichmann-Hill 3-cycle generator.
It is antique, designed to cope with machines with limited arithmetic
(like the Xerox D-machines XQP ran on), have a tolerably long period
(in the days when 1MHz was fast), and serve the needs of simulations
(small ones, by today's standards).

It was *never* intended to be suitable for cryptography.
Even the modern 4-cycle algorithm from the same authors has not the
faintest claim to suitability for cryptography.
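To make the above concrete, here is an added re-implementation of the AS183 generator in Python (example code, not from Yaws or OTP); the moduli and multipliers are the published AS183 constants, the default seed is the one Erlang's random module starts from, and the period calculation assumes each multiplier is a primitive root of its prime modulus, as AS183 was designed.

```python
import math
import secrets

# Published AS183 constants: three multiplicative congruential generators
# with prime moduli, combined by adding the fractions x/M1 + y/M2 + z/M3.
M1, M2, M3 = 30269, 30307, 30323
A1, A2, A3 = 171, 172, 173


class WichmannHill:
    """AS183 / Wichmann-Hill 3-cycle generator (added example, not OTP code)."""

    def __init__(self, seed=(3172, 9814, 20125)):
        # Default seed is the one Erlang's random module uses.
        self.state = tuple(seed)

    def step(self):
        """Advance all three cycles; return the new (x, y, z) state."""
        x, y, z = self.state
        self.state = ((A1 * x) % M1, (A2 * y) % M2, (A3 * z) % M3)
        return self.state

    def uniform(self):
        """Float in [0, 1) from the current state, then advance (as OTP does)."""
        x, y, z = self.state
        r = x / M1 + y / M2 + z / M3
        self.step()
        return r - math.floor(r)


def period():
    """Full period: lcm of the three component periods (M-1 each), assuming the
    multipliers are primitive roots. Needs Python 3.9+ for math.lcm."""
    return math.lcm(M1 - 1, M2 - 1, M3 - 1)


def state_bits():
    """Entropy ceiling of the whole generator: log2 of its period (~42.7 bits)."""
    return math.log2(period())


def replay(seed, n):
    """Same seed, same stream: the output is fully determined by three small ints."""
    g = WichmannHill(seed)
    return [g.uniform() for _ in range(n)]


def session_token(nbytes=16):
    """What a secret-bearing value should come from instead: the OS CSPRNG."""
    return secrets.token_hex(nbytes)
```

The period is about 6.95e12, so every value this generator can ever produce is indexed by fewer than 43 bits of state, which is why it must not be used for session identifiers or other secrets.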