Date: Fri, 18 Jul 2014 11:28:18 -0700
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Leif Pedersen <bilbo@hobbiton.org>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, Steven Chamberlain <steven@pyro.eu.org>
Subject: Re: Speed and security of /dev/urandom
Message-ID: <C9E21765-D47F-4D98-8C7A-FCD9922FD072@vpnc.org>
In-Reply-To: <CAK-wPOhuh_XUpQ9OZXB1UZjz6wQF=8gO2thWiBu9i3tt+Kt7mQ@mail.gmail.com>
References: <53C85F42.1000704@pyro.eu.org> <4E23BEEA-693A-4FA3-BE94-9BB82B49503A@vpnc.org> <CAK-wPOhuh_XUpQ9OZXB1UZjz6wQF=8gO2thWiBu9i3tt+Kt7mQ@mail.gmail.com>
On Jul 18, 2014, at 11:19 AM, Leif Pedersen <bilbo@hobbiton.org> wrote:

> The extra readers interrupt the position of the stream, so that it is harder to predict the next value. This only works if one instance of the PRNG is shared by multiple readers, rather than each reader operating in isolation.

If there was a non-zero chance that an attacker could predict the next value, your PRNG was already broken. Two of the fundamental properties of a working PRNG are that if an attacker sees any number of outputs from the PRNG, the attacker cannot compute any previous values and the attacker cannot predict any future values.

--Paul Hoffman
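The two properties Paul names (outputs reveal neither earlier nor later outputs) are easiest to see by contrasting generator designs. The following is an added example written for this page, not code from the thread or from FreeBSD's random device. It sketches three hypothetical hash-based generators with a constructed seed: one that emits its own state, one whose outputs expose a fixed key, and one that keeps output and next state as separate one-way derivations (the output/ratchet split used by hash-based DRBGs). An observer who knows each design is handed two consecutive outputs and asked for the one before and the one after; the check reports where the design makes that computable. It can only show where the structure admits a computation, not prove the ratcheted design secure, which rests on SHA-256 being one-way.

```python
import hashlib


def _h(*parts):
    """SHA-256 over the concatenated parts; stands in for a one-way function."""
    return hashlib.sha256(b"".join(parts)).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed seed for the demo; a real generator seeds from an entropy source.
SEED = _h(b"constructed seed for this example")


# --- Three hypothetical generator designs (each returns n 32-byte outputs) ---

def leaky_state_stream(seed, n):
    """Flawed: emits the state itself, then hashes the state forward."""
    state, outs = seed, []
    for _ in range(n):
        outs.append(state)
        state = _h(state)
    return outs


def key_xor_counter_stream(seed, n):
    """Flawed: output_i = key XOR H(i); a single output exposes the key."""
    return [_xor(seed, _h(i.to_bytes(8, "big"))) for i in range(n)]


def ratcheted_stream(seed, n):
    """Sound sketch: output and next state are separate one-way derivations
    of the state, and the old state is discarded after every step."""
    state, outs = seed, []
    for _ in range(n):
        outs.append(_h(b"output", state))
        state = _h(b"ratchet", state)
    return outs


# --- What an observer who knows the design can do with outputs i1 and i1+1 ---
# Each returns (guess for output i1-1, guess for output i1+2); None = no method.

def observer_leaky_state(o1, o2, i1):
    # Output == state, so the next output is H(state). Going backwards would
    # mean inverting H, which this design does not hand out.
    return None, _h(o2)


def observer_key_xor_counter(o1, o2, i1):
    key = _xor(o1, _h(i1.to_bytes(8, "big")))  # key falls out of one output
    prev = _xor(key, _h((i1 - 1).to_bytes(8, "big")))
    nxt = _xor(key, _h((i1 + 2).to_bytes(8, "big")))
    return prev, nxt


def observer_ratcheted(o1, o2, i1):
    # Every output is H("output", state); recovering the state means inverting
    # SHA-256, so neither direction is computable from outputs alone.
    return None, None


def evaluate(stream, observer):
    """Generate four outputs, hand outputs[1] and outputs[2] to the observer,
    and report (previous computable, future computable)."""
    outs = stream(SEED, 4)
    prev_guess, next_guess = observer(outs[1], outs[2], 1)
    return prev_guess == outs[0], next_guess == outs[3]


if __name__ == "__main__":
    designs = [
        ("leaky state", leaky_state_stream, observer_leaky_state),
        ("key xor counter", key_xor_counter_stream, observer_key_xor_counter),
        ("ratcheted", ratcheted_stream, observer_ratcheted),
    ]
    for name, stream, observer in designs:
        past, future = evaluate(stream, observer)
        print(f"{name:16s} previous computable: {past!s:5s} "
              f"future computable: {future}")
```

Only the ratcheted design satisfies both properties; the other two fail the moment a single output is visible, regardless of how many readers share the device, which is the point of the reply above.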