Date: Sun, 11 Jun 2000 10:23:47 +0200
From: Mark Murray <mark@grondar.za>
To: "Andrey A. Chernov" <ache@FreeBSD.ORG>
Cc: current@FreeBSD.ORG
Subject: Re: mktemp() patch
Message-ID: <200006110823.KAA71268@grimreaper.grondar.za>
In-Reply-To: <20000611005642.A53004@freebsd.org>; from "Andrey A. Chernov" <ache@FreeBSD.ORG> "Sun, 11 Jun 2000 00:56:42 MST."
References: <20000611005642.A53004@freebsd.org>
> > Huh? -1 is a constant, not random. Pass your data through _random_ bits,
> > XORing it with them, and you have unbreakable crypto (one-time-pad) if you
> > make a record of the random bits (the key).
>
> Yes, if passing _random_ through -1 _data_ does not make it stronger,
> passing through 1,2,3,4... _data_ will not make it stronger either.

Right, but the attacker doesn't always have access to the pid, so while it
is _not_very_ random, under some circumstances it has _some_ useful
randomness.

> If the attacker tries to predict the random number generator itself and knows
> the pid and the mktemp() algorithm, adding getpid() bits he already knows will
> not stop him from this attack unless you plan to keep the mktemp() algorithm
> secret.

Correct. However if you are collecting bits of randomness (or suspected
randomness) from various sources, XORing them together is a cheap way of
combining them and obfuscating them, without making the total randomness any
worse than the best of them. There are ways (eg: hash algorithms) of adding
the total randomness.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
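The entropy-combining claim in the message above, worked through as an added example (not code from the thread or from FreeBSD): each source is modelled as a probability distribution over 8-bit values, min-entropy is computed as -log2(max probability), and the XOR combiner is compared with concatenation, which is what a hash-based combiner preserves. The skewed "pid-like" source and the constant source are constructed stand-ins; the XOR bound only holds for independent sources, so a joint-distribution combiner is included to show correlated inputs cancelling.

```python
import math
from collections import defaultdict

def min_entropy(dist):
    """Min-entropy in bits of a distribution {value: probability}."""
    return -math.log2(max(dist.values()))

def xor_combine(a, b):
    """Distribution of x ^ y for INDEPENDENT x ~ a and y ~ b."""
    out = defaultdict(float)
    for x, px in a.items():
        for y, py in b.items():
            out[x ^ y] += px * py
    return dict(out)

def xor_combine_joint(joint):
    """Distribution of x ^ y given a joint distribution {(x, y): p}.
    Needed when the two sources are correlated (independence assumption fails)."""
    out = defaultdict(float)
    for (x, y), p in joint.items():
        out[x ^ y] += p
    return dict(out)

def concat_combine(a, b):
    """Distribution of (x, y) pairs for independent sources; a hash of the
    concatenation keeps this entropy up to the hash output length."""
    return {(x, y): px * py for x, px in a.items() for y, py in b.items()}

def constant_source(value):
    """A source with no randomness at all, e.g. XORing with the constant -1."""
    return {value & 0xFF: 1.0}

def skewed_source():
    """Constructed weak source: the value is one of 16 candidates, equally likely
    (an attacker who can narrow a pid down this far sees 4 bits of uncertainty)."""
    return {v: 1 / 16 for v in range(100, 116)}

def uniform_source():
    """Constructed strong source: 8 uniformly random bits."""
    return {v: 1 / 256 for v in range(256)}

def same_source_twice(a):
    """Joint distribution of (x, x): both 'sources' are literally the same value."""
    return {(x, x): px for x, px in a.items()}
```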