Date: Sun, 11 Jun 2000 00:56:42 -0700
From: "Andrey A. Chernov" <ache@freebsd.org>
To: Mark Murray <mark@grondar.za>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, Kris Kennaway <kris@FreeBSD.ORG>, current@FreeBSD.ORG
Subject: Re: mktemp() patch
Message-ID: <20000611005642.A53004@freebsd.org>
In-Reply-To: <200006110724.JAA70920@grimreaper.grondar.za>; from mark@grondar.za on Sun, Jun 11, 2000 at 09:24:37AM +0200
References: <20000610195102.D99504@freebsd.org> <200006110724.JAA70920@grimreaper.grondar.za>

On Sun, Jun 11, 2000 at 09:24:37AM +0200, Mark Murray wrote:
> > If it does not weaken, I can't see why it strengthens.
> > I.e. you can constantly strengthen the generator by passing it through XOR -1?
> > If not, why is any other value better than -1?
>
> Huh? -1 is a constant, not random. Pass your data through _random_ bits,
> XORing it with them, and you have unbreakable crypto (one-time-pad) if you
> make a record of the random bits (the key).

Yes, if passing _random_ through -1 _data_ does not strengthen it, passing
through 1,2,3,4... _data_ will not strengthen it either.

If an attacker tries to predict the random number generator itself and knows
the pid and the mktemp() algorithm, adding getpid() bits he already knows will
not stop him from this attack unless you plan to keep the mktemp() algorithm
secret.

--
Andrey A. Chernov
<ache@nagual.pp.ru>
http://ache.pp.ru/
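
The distinction argued in this message and in the quoted reply can be checked by counting outcomes. The following is an added example, not code from the thread or from the mktemp() patch. It counts how many distinct outputs someone predicting the generator must consider when the output is XORed with nothing, with a known value, or with secret random bits. The toy generator, the 256-value seed range and the pid 1234 are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEED_GUESSES 256u  /* assumed uncertainty about the generator state */

/* Toy 16-bit generator step (constructed for this example; not mktemp()'s). */
static uint16_t toy_next(uint16_t seed)
{
    return (uint16_t)(seed * 25173u + 13849u);
}

/* Number of distinct outputs that are possible when the output is
 * toy_next(seed) ^ mask, the seed is one of SEED_GUESSES values and the
 * mask may be any value in [mask_lo, mask_hi]. A single-value range models
 * a mask the predictor already knows (a constant, or the pid). */
static unsigned count_candidates(uint32_t mask_lo, uint32_t mask_hi)
{
    static unsigned char seen[65536];
    unsigned count = 0;

    memset(seen, 0, sizeof seen);
    for (uint32_t mask = mask_lo; mask <= mask_hi; mask++) {
        for (uint32_t seed = 0; seed < SEED_GUESSES; seed++) {
            uint16_t out = (uint16_t)(toy_next((uint16_t)seed) ^ mask);
            if (!seen[out]) {
                seen[out] = 1;
                count++;
            }
        }
    }
    return count;
}

int main(void)
{
    const uint32_t pid = 1234;  /* constructed value, assumed to be known */

    printf("no mask:            %u candidates\n", count_candidates(0, 0));
    printf("known pid mask:     %u candidates\n", count_candidates(pid, pid));
    printf("secret 16-bit mask: %u candidates\n", count_candidates(0, 0xFFFF));
    return 0;
}
```

XOR with any single known value is a bijection, so the candidate count stays at the size of the seed uncertainty; only a mask that is itself unknown widens it, up to every 16-bit value in the one-time-pad case.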