
[Other] A computer newbie asks: does a cracked private key really amount to a death sentence?

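However you look at it, this seems like a programmer hard-coded a fixed value while debugging and then forgot to change it back afterwards. Actually doing return 4 in a function like GetRandom: even if the programmer was being lazy, surely there were at least code reviewers doing quality control.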


TOP

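Oh, the original is still downloading. I posted a casual comment before seeing it; I'll look through the original slides in detail before saying more.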



TOP

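The original text is clearer after all. I haven't been around TG for a few days, and the pile of threads here left me completely confused.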

We don't have the game signing key but the same epic fail applies to it. Once someone dumps appldr they can calculate it too. They actually CAN change keys for LV2/LV1, isolated modules, rvklists, spp, but that's useless because you can just downgrade the loaders.

It took us 3-4 years to do this. Negative, this exploit only took a few months after we started working. We weren't trying before.

Sony can change keys. No, they can't. These aren't encryption keys, they're signing keys. If they change them GAMES STOP WORKING.

The private keys refer to keys that Sony HQ uses. PS3s don't have these keys (but we calculated them due to the fail). It's Sony not knowing WTF they're doing when making signatures, and thus mathematically leaking their keys. This is also why we didn't use the term "exploit" or "bug". The PS3 signature fail is neither an exploit nor a bug (in the PS3 firmware). The XKCD "return 4" function that we showed is (essentially) part of the code that Sony HQ runs to sign games, it's not in the PS3 FW. No one can create a new metldr (for an existing console). Not even Sony (unless they have that console's key stashed somewhere).

The random number isn't 4, it's more like 007eabbb79360e14df1457a4194b82f71a0dc39280 (example). But it's still constant.


TOP

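The risk around the random number in elliptic curve signatures has already been written into the wiki entry on elliptic curve signatures, with a specific note that the PS3 tripped up on exactly this issue...

In fact, the elliptic curve signature standard specifically notes that this random number must conform to the ANSI X9.82 standard, and states that this is to prevent the key from being guessed. Yet Sony actually used a fixed number. If that is true, it really is quite a WTF thing.

[ This post was last edited by xphi on 2011-1-2 23:07 ]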

TOP
