[Cryptography] Use process ID in mixing?

Sandy Harris sandyinchina at gmail.com
Tue Mar 18 15:48:09 EDT 2014


A process ID is only a few bits long and in many cases is quite
predictable; it is entirely useless as an entropy source. However, I
wonder if it could play a role analogous to salt in a password
algorithm or the suggestion of stirring things like MAC addresses into
the pool at startup just so every machine does it slightly
differently.

On Linux, you can get the caller's pid from kernel code with #include
<linux/sched.h> then look at current->pid. Probably there is something
similar for other systems and quite possibly there is other usable
data in the struct; I haven't looked.

Is it worth salting every call to (u)random? Mix the pid into the
output or the pool. This can do no harm, but does it do any
perceptible good?
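
A user-space model of the question above, added here as an example and not part of the original post: it compares reads from two processes that share identical pool state, with and without the pid mixed in, and then shows how small the pid space is for anyone who already knows the pool. The SHA-256 extraction function, the pool contents, the pid values and the PID_MAX figure are assumptions made for illustration; this is not the kernel's /dev/urandom code.

```python
import hashlib
from typing import Optional

PID_MAX = 32768  # assumption: the usual Linux default for kernel.pid_max


def extract(pool: bytes, counter: int, pid: Optional[int] = None) -> bytes:
    """Model one read: hash the pool and a read counter, optionally salted with the pid."""
    h = hashlib.sha256()
    h.update(pool)
    h.update(counter.to_bytes(8, "little"))
    if pid is not None:
        # Fixed-width encoding with a label, so the salt cannot be confused with pool bytes.
        h.update(b"pid" + pid.to_bytes(4, "little"))
    return h.digest()


def recover_pid(pool: bytes, counter: int, output: bytes) -> Optional[int]:
    """Enumerate the pid space for an observer who already knows the pool state."""
    for pid in range(1, PID_MAX):
        if extract(pool, counter, pid) == output:
            return pid
    return None


def demo():
    # Constructed sample: two processes (or cloned machines) with the same pool state.
    pool = hashlib.sha256(b"constructed pool state shared by two clones").digest()
    pid_a, pid_b = 1412, 1413  # constructed pids

    # Without the salt, identical state gives identical output to both callers.
    unsalted_same = extract(pool, 0) == extract(pool, 0)
    # With the salt, the two callers diverge even though the pool is the same.
    salted_differ = extract(pool, 0, pid_a) != extract(pool, 0, pid_b)
    # The salt adds no secrecy: fewer than PID_MAX guesses recover it.
    recovered = recover_pid(pool, 0, extract(pool, 0, pid_a))
    return unsalted_same, salted_differ, recovered


if __name__ == "__main__":
    print(demo())
```

In this model the pid separates the outputs of callers that share state, which is the salt-like effect, while the search over fewer than 32768 candidates shows it contributes nothing against someone who knows the pool.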

