Re: Secure random ID generation

From: John Viega (viegaat_private)
Date: Wed Dec 04 2002 - 23:43:30 PST


    The PRNG isn't the hard part.  Seeding it securely (and continually 
    adding entropy to its state) is the hard part.
    Simply operating a cryptographic primitive in counter mode produces a 
    cryptographically strong PRNG (not hard in the slightest), but the 
    entropy of the seed is absolutely crucial.
    
    John
    
    On Tuesday, December 3, 2002, at 07:26 PM, Jose Nazario wrote:
    
    > On Tue, 3 Dec 2002 Valdis.Kletnieksat_private wrote:
    >
    >> Not all systems have a /dev/random.
    >
    > secure, portable (i.e. userland) entropy gathering daemons exist. however,
    > most languages have some form of a PRNG. it's a lot easier than trying to
    > write your own.
    >
    > ___________________________
    > jose nazario, ph.d.			joseat_private
    > 					http://www.monkey.org/~jose/
    >
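
The point made in the message above, as an added example that is not part of the original thread: a counter-mode generator is a few lines of code, and its output is only as unpredictable as its seed. HMAC-SHA256 stands in for the "cryptographic primitive" as an assumption, and `CounterPRNG`, `strong_seed`, `weak_seed` and `recover_weak_seed` are hypothetical names; the weak 16-bit seed is a constructed case.

```python
import hashlib
import hmac
import os


class CounterPRNG:
    """Keyed primitive run in counter mode: block i = HMAC-SHA256(seed, i)."""

    def __init__(self, seed: bytes):
        self._key = seed
        self._counter = 0

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            msg = self._counter.to_bytes(16, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            self._counter += 1
        # Unused bytes of the last block are discarded, never reused.
        return bytes(out[:n])

    def next_id(self) -> str:
        # 128-bit identifier, hex encoded.
        return self.read(16).hex()


def strong_seed() -> bytes:
    # 256 bits taken from the operating system's CSPRNG.
    return os.urandom(32)


def weak_seed(value: int) -> bytes:
    # Constructed weak case: only 16 bits of the seed are unknown,
    # comparable to seeding from a PID or a coarse clock value.
    return (value & 0xFFFF).to_bytes(32, "big")


def recover_weak_seed(first_id: str):
    """Audit check: return the 16-bit seed that reproduces first_id, or None.

    The generator is deterministic, so one observed ID is enough to test
    every candidate seed when the seed space is this small.
    """
    for guess in range(1 << 16):
        if CounterPRNG(weak_seed(guess)).next_id() == first_id:
            return guess
    return None
```

With `strong_seed()` the same search would have to cover 2^256 candidates, which is why the seeding, not the generator, carries the security.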
    



    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 10:55:18 PST