Date:      Fri, 18 Jul 2014 11:28:18 -0700
From:      Paul Hoffman <paul.hoffman@vpnc.org>
To:        Leif Pedersen <bilbo@hobbiton.org>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, Steven Chamberlain <steven@pyro.eu.org>
Subject:   Re: Speed and security of /dev/urandom
Message-ID:  <C9E21765-D47F-4D98-8C7A-FCD9922FD072@vpnc.org>
In-Reply-To: <CAK-wPOhuh_XUpQ9OZXB1UZjz6wQF=8gO2thWiBu9i3tt%2BKt7mQ@mail.gmail.com>
References:  <53C85F42.1000704@pyro.eu.org> <4E23BEEA-693A-4FA3-BE94-9BB82B49503A@vpnc.org> <CAK-wPOhuh_XUpQ9OZXB1UZjz6wQF=8gO2thWiBu9i3tt%2BKt7mQ@mail.gmail.com>


On Jul 18, 2014, at 11:19 AM, Leif Pedersen <bilbo@hobbiton.org> wrote:

> The extra readers interrupt the position of the stream, so that it is harder to predict the next value. This only works if one instance of the PRNG is shared by multiple readers, rather than each reader operating in isolation.

If there was a non-zero chance that an attacker could predict the next value, your PRNG was already broken. Two of the fundamental properties of a working PRNG are that if an attacker sees any number of outputs from the PRNG, the attacker cannot compute any previous values and the attacker cannot predict any future values.

--Paul Hoffman
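The two properties named in the message above, shown as an added example that is not part of the thread and not FreeBSD's own code: a toy linear congruential generator that violates both (one observed output yields the next value and the previous one), beside a simplified SHA-256 ratchet constructed here to provide them. The `HashRatchetPRNG` class, its `from_state` and `reseed` methods, and the seeds are all constructed for this illustration; the ratchet is a teaching construction, not the generator behind `/dev/urandom`.

```python
import hashlib
import os

# --- A generator that fails both properties -------------------------------
# Toy linear congruential generator; constants are the common Numerical
# Recipes values with modulus 2**32 (constructed for illustration).
LCG_A = 1664525
LCG_C = 1013904223
LCG_M = 2 ** 32
LCG_A_INV = pow(LCG_A, -1, LCG_M)  # LCG_A is odd, so it is invertible mod 2**32


class ToyLCG:
    """Each output is the whole internal state, so one observed value
    determines every future and every past value."""

    def __init__(self, seed: int) -> None:
        self.state = seed % LCG_M

    def next(self) -> int:
        self.state = (LCG_A * self.state + LCG_C) % LCG_M
        return self.state


def lcg_predict_next(observed: int) -> int:
    """Compute the value that follows a single observed output."""
    return (LCG_A * observed + LCG_C) % LCG_M


def lcg_recover_previous(observed: int) -> int:
    """Compute the value that preceded a single observed output."""
    return ((observed - LCG_C) * LCG_A_INV) % LCG_M


def demo_lcg_is_broken(seed: int = 12345) -> dict:
    """Observe one output and check both forward and backward computation."""
    g = ToyLCG(seed)
    prev, observed, actual_next = g.next(), g.next(), g.next()
    return {
        "next_predicted": lcg_predict_next(observed) == actual_next,
        "previous_recovered": lcg_recover_previous(observed) == prev,
    }


# --- A generator built to provide them ------------------------------------
class HashRatchetPRNG:
    """Simplified hash-based generator (constructed; not the FreeBSD kernel
    generator).  Each output is H(state || "out"), after which the state is
    replaced by H(state || "step").  Outputs reveal the state only if SHA-256
    can be inverted, and the ratchet discards the state that produced earlier
    outputs, so a later state compromise does not expose them."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed" + seed).digest()

    @classmethod
    def from_state(cls, state: bytes) -> "HashRatchetPRNG":
        obj = cls.__new__(cls)
        obj.state = state
        return obj

    def next(self) -> bytes:
        out = hashlib.sha256(self.state + b"out").digest()
        self.state = hashlib.sha256(self.state + b"step").digest()
        return out

    def reseed(self, fresh_entropy: bytes) -> None:
        # Mixing fresh entropy is what recovers from a state compromise;
        # it is not what makes an unbroken generator unpredictable.
        self.state = hashlib.sha256(self.state + b"reseed" + fresh_entropy).digest()


def demo_state_compromise(seed: bytes = b"constructed seed") -> dict:
    """Simulate an attacker who captures the state after three outputs."""
    g = HashRatchetPRNG(seed)
    past = [g.next() for _ in range(3)]
    captured = g.state
    clone = HashRatchetPRNG.from_state(captured)
    # With the current state, the next outputs are reproducible...
    future_matches = all(clone.next() == g.next() for _ in range(3))
    # ...but replaying from it never yields the outputs produced before capture.
    replay = HashRatchetPRNG.from_state(captured)
    past_exposed = any(replay.next() in past for _ in range(3))
    g.reseed(os.urandom(32))  # fresh entropy the attacker never sees
    return {
        "future_from_captured_state": future_matches,
        "past_from_captured_state": past_exposed,
        "future_after_reseed": clone.next() == g.next(),
    }
```

The LCG half is the point of the message: if a single output lets anyone run the generator forwards or backwards, interleaving extra readers changes nothing about its brokenness. The ratchet half shows where reseeding actually matters, namely recovering from a compromised state, rather than supplying unpredictability that the construction should already have.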


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C9E21765-D47F-4D98-8C7A-FCD9922FD072>