hap.random: a new random number library for D
Chris Cain via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Thu Jun 12 00:56:36 PDT 2014
On Wednesday, 11 June 2014 at 16:35:31 UTC, Kagamin wrote:
> In some scenarios unpredictability is not enough. For example,
> when you generate a session id, an attacker doesn't have to
> predict it ahead of time, he can guess it at any time later.
> And if they listen to radio waves - that's an "open protocol",
> an attacker can set up an antenna near their antenna and get the
> same readings. Cryptographic PRNG and quantum TRNG are better
> isolated, so it's harder to read them.
That's an interesting thought on a potential attack. I wouldn't
say "same readings" but similar readings are possible and might
make attacks easier.
It might not be a bad idea as part of a solution though, since it
can be used to supplement other sources of local-machine
crypto-grade entropy (since often such sources are exhaustible).
But yes, just straight up using it alone appears to have a few
critical problems.