Of the use of unpredictableSeed
ketmar via Digitalmars-d
digitalmars-d at puremagic.com
Sun Feb 26 10:33:08 PST 2017
cym13 wrote:
> Hi,
>
> I found many times that people use unpredictableSeed in combination
> with normal PRNG for cryptographic purpose. Some even go as far as
> reseeding at each call to try making it more secure.
>
> It is a dangerous practice, most PRNG are not designed with security
> (and unpredictability) in mind, and unpredictableSeed was definitely
> not designed with security in mind (or it failed heavily at it). It's
> a good tool when one needs randomness, not security.
>
> I wrote a blog post to present exactly why this is a bad idea and how
> it could be exploited [1].
>
> The best would be to add a standard CSPRNG interface to Phobos but we
> aren't there yet.
>
> [1]: https://cym13.github.io/article/unpredictableSeed.html
"like /dev/random on Linux"
(sighs) it was so good until this...
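A review-time check for the pattern cym13 describes, added here as an example (it is not code from this thread, from Phobos, or from the linked blog post): a small Python scanner that flags `unpredictableSeed` feeding a general-purpose Phobos PRNG (`Random`, `Mt19937`, ...) inside a function whose name suggests it produces a secret, and notes when that reseeding happens inside a loop, where it buys no extra entropy. The D source it scans is constructed for the example; the list of "sensitive" name fragments and the brace/loop tracking are assumptions, a heuristic to tune per code base, not a full D parser.

```python
import re
from dataclasses import dataclass

# Constructed D snippet for this example (not from the thread or the blog post).
SAMPLE_D_SOURCE = """\
import std.random;

string makeSessionToken()
{
    auto rng = Random(unpredictableSeed);   // general-purpose PRNG used for a secret
    return format("%08x", uniform!uint(rng));
}

uint shuffleSeed() { return unpredictableSeed; }   // non-security use: fine

ubyte[] generateKey(size_t n)
{
    ubyte[] key;
    foreach (i; 0 .. n) {
        auto rng = Mt19937(unpredictableSeed);   // reseeded on every iteration
        key ~= cast(ubyte) uniform(0, 256, rng);
    }
    return key;
}
"""

# Assumed heuristic: function names containing these fragments produce secrets.
SENSITIVE_NAME_PARTS = ("token", "key", "nonce", "secret", "password",
                        "salt", "session", "csrf", "otp")

# Rough D function declaration: "<type tokens> name(" at line start, excluding
# statements that also look like "word name(" (return foo(), cast(...), ...).
DECL_RE = re.compile(
    r"^\s*(?!return\b|else\b|new\b|cast\b|throw\b|import\b)"
    r"(?:[\w\[\]!.*]+\s+)+(\w+)\s*\(")
LOOP_RE = re.compile(r"\b(for|foreach|while)\b")
SEED_TOKEN = "unpredictableSeed"


@dataclass
class Finding:
    line: int
    function: str
    in_loop: bool
    message: str


def scan_d_source(source: str) -> list[Finding]:
    """Flag unpredictableSeed used inside security-named functions."""
    findings: list[Finding] = []
    stack: list[tuple[str, str | None]] = []  # ("func", name) / ("loop", None) / ("block", None)
    pending_func: str | None = None           # declaration seen, brace not yet opened
    pending_loop = False                      # loop header seen, brace not yet opened

    for lineno, raw in enumerate(source.splitlines(), start=1):
        code = raw.split("//", 1)[0]          # ignore line comments
        m = DECL_RE.match(code)
        if m:
            pending_func = m.group(1)
        if LOOP_RE.search(code):
            pending_loop = True

        i = 0
        while i < len(code):
            if code.startswith(SEED_TOKEN, i):
                # Evaluate against the block stack as it is at this point of the line.
                current = next((name for kind, name in reversed(stack) if kind == "func"), None)
                in_loop = any(kind == "loop" for kind, _ in stack)
                if current and any(p in current.lower() for p in SENSITIVE_NAME_PARTS):
                    msg = (f"unpredictableSeed seeds a general-purpose PRNG in '{current}': "
                           f"neither is designed for security; use an OS-backed CSPRNG")
                    if in_loop:
                        msg += " (reseeding on every iteration adds no entropy)"
                    findings.append(Finding(lineno, current, in_loop, msg))
                i += len(SEED_TOKEN)
                continue
            ch = code[i]
            if ch == "{":
                if pending_func:
                    stack.append(("func", pending_func))
                    pending_func = None
                elif pending_loop:
                    stack.append(("loop", None))
                    pending_loop = False
                else:
                    stack.append(("block", None))
            elif ch == "}" and stack:
                stack.pop()
            i += 1
    return findings


if __name__ == "__main__":
    for f in scan_d_source(SAMPLE_D_SOURCE):
        print(f"line {f.line}: {f.message}")
```

Run against the sample, the scanner reports line 5 (`makeSessionToken`) and line 15 (`generateKey`, inside the `foreach`), and stays silent on `shuffleSeed`, which is the legitimate "randomness, not security" use the post allows. The check only narrows review work; it does not prove the remaining uses safe.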