Of the use of unpredictableSeed

cym13 via Digitalmars-d digitalmars-d at puremagic.com
Sun Feb 26 10:23:27 PST 2017


Hi,

I found many times that people use unpredictableSeed in 
combination with a normal PRNG for cryptographic purposes. Some even 
go as far as reseeding at each call to try to make it more secure.

It is a dangerous practice: most PRNGs are not designed with 
security (and unpredictability) in mind, and unpredictableSeed 
was definitely not designed with security in mind (or it failed 
heavily at it). It's a good tool when one needs randomness, not 
security.

I wrote a blog post to present exactly why this is a bad idea and 
how it could be exploited [1].

The best would be to add a standard CSPRNG interface to Phobos 
but we aren't there yet.

[1]: https://cym13.github.io/article/unpredictableSeed.html

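As an added illustration (example code, not part of the original post or of Phobos), the pattern the post warns about is shown next to the alternative a defender would reach for: pulling bytes straight from the operating system's entropy source. Mt19937 and unpredictableSeed are the real std.random symbols; the token helpers, the byte count, and the assumption of a POSIX system exposing /dev/urandom are this example's own.

```d
// Added example, not from the original post: the risky pattern beside
// a safer alternative. Assumes a POSIX system with /dev/urandom.
import std.random : Mt19937, unpredictableSeed, uniform;
import std.stdio : File, writefln;
import std.format : format;

/// Risky: a statistical PRNG seeded from unpredictableSeed.
/// Mt19937 is not designed to resist prediction; its internal state is
/// recoverable from its output, so the seed's quality does not rescue it.
string riskyToken(size_t nbytes)
{
    auto rng = Mt19937(unpredictableSeed);
    ubyte[] buf = new ubyte[nbytes];
    foreach (ref b; buf)
        b = cast(ubyte) uniform(0, 256, rng);
    return format("%(%02x%)", buf);
}

/// Safer: read the bytes from the OS CSPRNG instead of a user-space PRNG.
/// Phobos has no CSPRNG interface, so the kernel's generator is used directly.
string osToken(size_t nbytes)
{
    ubyte[] buf = new ubyte[nbytes];
    auto f = File("/dev/urandom", "rb");
    auto got = f.rawRead(buf);
    if (got.length != nbytes)
        throw new Exception("short read from /dev/urandom");
    return format("%(%02x%)", got);
}

void main()
{
    // Both print 32 hex characters; only the second is suitable for
    // secrets such as session identifiers or nonces.
    writefln("risky (Mt19937 + unpredictableSeed): %s", riskyToken(16));
    writefln("os    (/dev/urandom):                %s", osToken(16));
}
```

The short-read check matters: a token built from fewer bytes than requested silently shrinks the key space, which is the kind of quiet failure that is easy to miss in review.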