[Cryptography] Use process ID in mixing?
John Denker
jsd at av8n.com
Wed Mar 19 13:51:50 EDT 2014
On 03/19/2014 04:50 AM, Sandy Harris wrote:
> Is it worth doing?
WYTM? What's the problem you're trying to solve?
I can think of three cases, from worst to best:
1) If the PRNG has never been properly seeded, that's a big
problem, and mixing in the PID and/or RTC is nowhere near
sufficient to solve the problem.
2) If the PRNG was properly seeded once upon a time, by far
the most serious threat is a replay. Stirring in the RTC
provides considerable protection against this, although it
is far from ideal. Stirring in the PID does not impress me,
because there are too many ways that the PID could be replayed
along with everything else.
3) If the PRNG is not being replayed, i.e. if the PRNG state
has not been reset to a previous value, then normal operation
of the PRNG should be very very strong, and no amount of
mixing in other stuff (RTC or PID or whatever) will make it
any stronger.
If you are worried that the PRNG is not strong in normal
operation, throw it out and get a better one. We know
how to make a PRNG that is /at least/ as strong as other
crypto primitives that we utterly depend on (i.e. hashes
and block ciphers).
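As an added illustration of the replay case in point 2 (example code, not part of John's message or the list thread): a toy hash-chain DRBG whose saved state is restored twice, as a VM snapshot or fork would do. Stirring in a PID that was captured along with the state leaves both copies on the same output stream, while stirring in two different clock readings separates them. The DRBG construction, the PID value and the timestamps are all constructed for this example.

```python
import copy
import hashlib
import os


class HashDrbg:
    """Minimal hash-chain DRBG for illustration only (not a production design)."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def stir(self, extra: bytes) -> None:
        # Mix additional input (PID, RTC reading, ...) into the state.
        self.state = hashlib.sha256(b"stir" + self.state + extra).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(b"next" + self.state).digest()
            out += hashlib.sha256(b"out" + self.state).digest()
        return out[:n]


def outputs_after_replay(snapshot: HashDrbg, extra_a: bytes, extra_b: bytes, n: int = 16):
    """Restore the same saved state twice (a replay), stir each copy with its own
    extra input, and return the first n output bytes of each copy."""
    a, b = copy.deepcopy(snapshot), copy.deepcopy(snapshot)
    a.stir(extra_a)
    b.stir(extra_b)
    return a.generate(n), b.generate(n)


def replayed_pid_collides() -> bool:
    """A PID captured in the snapshot is replayed with everything else, so both
    restored copies emit the identical stream."""
    drbg = HashDrbg(os.urandom(32))  # properly seeded once upon a time
    pid = (4242).to_bytes(4, "big")  # constructed PID, part of the replayed image
    out_a, out_b = outputs_after_replay(drbg, pid, pid)
    return out_a == out_b


def distinct_rtc_diverges() -> bool:
    """Two restores read the clock at different moments, so the copies diverge
    (protection, though only as good as the attacker's inability to replay the RTC)."""
    drbg = HashDrbg(os.urandom(32))
    t_a = (1395251510).to_bytes(8, "big")  # constructed RTC readings, one second apart
    t_b = (1395251511).to_bytes(8, "big")
    out_a, out_b = outputs_after_replay(drbg, t_a, t_b)
    return out_a != out_b
```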