hap.random: a new random number library for D
Nick Sabalausky via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Wed Jun 11 10:38:43 PDT 2014
On 6/11/2014 12:35 PM, Kagamin wrote:
>
> In some scenarios unpredictability is not enough. For example, when you
> generate a session id, an attacker doesn't have to predict it ahead of
> time, they can guess it at any time later. And if they listen to radio
> waves - that's an "open protocol", an attacker can set up an antenna near
> their antenna and get the same readings.
An interesting point.
> Cryptographic PRNG and quantum
> TRNG are better isolated, so it's harder to read them.
FWIW, a cryptographic PRNG isn't necessarily well-isolated. Being a
PRNG, the isolation of a cryptographic PRNG is primarily limited to two
main things:
- The isolation of its entropy source(s) (which are not normally part of
a crypto-PRNG's specification - it's just left as "choose a good one"), and
- The patterns of how data is drawn from the PRNG.
If the entropy source is poorly isolated (via poor choice of entropy
source, or a failure within the entropy source), and the requests being
made to the PRNG are relatively predictable or even guessable (quite
likely given the nature of software), then a cryptographic PRNG won't be
any better isolated than, say, the digits of PI.
TL;DR: The isolation of a cryptographic PRNG is that of its external
entropy source, not the cryptographic PRNG algorithm itself.
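As an added illustration of the point above (example code written for this page, not code from the thread or from hap.random), a minimal HMAC-DRBG in the style of NIST SP 800-90A shows that a cryptographic PRNG's output is a deterministic function of its seed: seeded from a low-entropy or observable value, a strong algorithm hands out the same "session id" to everyone who knows that value, whereas seeding from the OS entropy pool (os.urandom) does not. The class HmacDrbg, the helpers session_id and seeds_collide, and the constant WEAK_SEED are names chosen here, not part of any library.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC-DRBG (SHA-256) with instantiate and generate only;
    reseed counters and personalization strings are omitted for brevity."""

    def __init__(self, seed: bytes) -> None:
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # HMAC_DRBG_Update: mix any provided data into the internal state (K, V).
        self.k = self._hmac(self.k, self.v + b"\x00" + provided)
        self.v = self._hmac(self.k, self.v)
        if provided:
            self.k = self._hmac(self.k, self.v + b"\x01" + provided)
            self.v = self._hmac(self.k, self.v)

    def generate(self, n: int) -> bytes:
        # Each output block is HMAC(K, V); the state is updated afterwards, so
        # successive calls differ, but every bit still derives from the seed.
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.k, self.v)
            out += self.v
        self._update()
        return out[:n]


def session_id(seed: bytes) -> str:
    """Derive a 128-bit session id from a freshly instantiated DRBG."""
    return HmacDrbg(seed).generate(16).hex()


def seeds_collide(seed_a: bytes, seed_b: bytes) -> bool:
    """True when two seeds yield the same session id (same state, same output)."""
    return session_id(seed_a) == session_id(seed_b)


# Constructed example of a poorly isolated seed: a 32-bit value such as a
# timestamp or counter that an observer can reproduce or enumerate.
WEAK_SEED = (1402508323).to_bytes(4, "big")
# Properly isolated seed: the operating system's entropy source.
STRONG_SEED = os.urandom(32)
```

Run `session_id(WEAK_SEED)` in two separate processes and the ids match; the algorithm did nothing wrong, the seed simply carried no secret.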