Of the use of unpredictableSeed

Nick Sabalausky (Abscissa) via Digitalmars-d digitalmars-d at puremagic.com
Sun Feb 26 14:56:14 PST 2017


On 02/26/2017 01:23 PM, cym13 wrote:
> Hi,
>
> I found many times that people use unpredictableSeed in combination with
> normal PRNG for cryptographic purpose. Some even go as far as reseeding
> at each call to try making it more secure.
>
> It is a dangerous practice, most PRNG are not designed with security
> (and unpredictability) in mind, and unpredictableSeed was definitely not
> designed with security in mind (or it failed heavily at it). It's a good
> tool when one needs randomness, not security.
>
> I wrote a blog post to present exactly why this is a bad idea and how it
> could be exploited [1].
>
> The best would be to add a standard CSPRNG interface to Phobos but we
> aren't there yet.
>
> [1]: https://cym13.github.io/article/unpredictableSeed.html

FWIW, DAuth[1] uses, and offers, an implementation of Hash_DRBG, a 
well-known and established CSPRNG algorithm. It's entropy source (not 
exactly the same as a seed, but basically the CSPRNG equivalent) is 
customizable, but by default, it uses _RtlGenRandom on Windows (the same 
source used by the CryptGenRandom algorithms) and '/dev/urandom' on Posix:

https://github.com/Abscissa/DAuth/blob/master/src/dauth/hashdrbg.d

[1] Ugh, still haven't gotten around to finishing DAuth's new version, 
renamed "InstaUser".



More information about the Digitalmars-d mailing list