[Cryptography] Use process ID in mixing?

Sandy Harris sandyinchina at gmail.com
Wed Mar 19 07:50:38 EDT 2014


John Denker <jsd at av8n.com> wrote:

>>  However, I wonder if it could play a role analogous to salt
>
> Yes, it can ... but the time-of-day clock has all the
> same strengths and fewer weaknesses.

True, but is it worth throwing in PID as well?

>  ... in high-stakes adversarial situations,
>   there are really no options other than seeding the CSPRNG
>   with genuine entropy from a high-quality HRNG ... or just
>   using the HRNG directly.

Yes.

>   Still, though, there are situations where a well-seeded
>   PRNG can benefit from salting or stirring.
>
> The PID idea does not apply to the kernel itself, especially
> during the critical start-up phase.

No, but it applies whenever a user program reads or
writes either device, so it could be used as salt then.

> However, the time-of-day clock can be -- and should
> be -- used to salt or stir the state of the PRNG.

Yes, that must be done at boot time and I think the
current Linux code does it for interrupts as well, which
is a fine idea. MAC addresses can, and I think should,
also be used at boot time to make each system unique.

Mixing in PID info for every read/write call clearly would
not be of huge value. However, the value doesn't
appear to be zero either; they depend on different
parts of system state than interrupts do, and the
overhead looks to be moderate. Is it worth doing?
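What "salting" or "stirring" a pool with PID, time of day or a MAC address does, and what it does not do, as an added example that is not part of this thread or of the Linux random.c code the thread is about. The pool below is a deliberately small HMAC-SHA256 ratchet constructed for illustration; the seed, MAC addresses, timestamps and PID values are likewise constructed. It shows the two sides of the argument above: a boot-time salt makes two machines cloned from the same image diverge even when their seed is identical, while a per-access PID salt, whose whole range is enumerable, adds uniqueness but no secrecy against an attacker who already knows the seed and the clock value.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple


class SaltedPool:
    """Minimal hash-based PRNG pool, constructed for this example.

    This is not Linux random.c.  It exists only to show what mixing a
    non-secret salt (PID, time of day, MAC) into existing state buys.
    """

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"pool-init|" + seed).digest()
        self.counter = 0

    def stir(self, salt: bytes) -> None:
        """Mix instance-specific but non-secret data into the pool state."""
        self.state = hmac.new(self.state, b"stir|" + salt, hashlib.sha256).digest()

    def read(self, n: int) -> bytes:
        """Produce n output bytes, then ratchet the state forward."""
        out = bytearray()
        while len(out) < n:
            out += hmac.new(self.state, b"out|" + struct.pack(">Q", self.counter),
                            hashlib.sha256).digest()
            self.counter += 1
        # Ratchet so that a later state compromise does not expose past output.
        self.state = hmac.new(self.state, b"ratchet|", hashlib.sha256).digest()
        return bytes(out[:n])


def boot_salt(mac: bytes, boot_time_ns: int) -> bytes:
    """Boot-time salt: NIC MAC address plus the time-of-day clock."""
    return b"boot|" + mac + struct.pack(">Q", boot_time_ns)


def access_salt(pid: int, now_ns: int) -> bytes:
    """Per-access salt: the calling process's PID plus the clock."""
    return b"access|" + struct.pack(">QQ", pid, now_ns)


# Constructed values: two machines cloned from one image, so they start
# from the same (weak, identical) seed.  Nothing here is real data.
SHARED_WEAK_SEED = b"cloned-vm-image-seed"
MAC_A = bytes.fromhex("001122334455")
MAC_B = bytes.fromhex("00112233aabb")
BOOT_NS = 1_395_230_000_000_000_000   # both boot in the same second


def outputs_without_salting() -> Tuple[bytes, bytes]:
    """Same seed, no salt: the two clones emit identical streams."""
    return SaltedPool(SHARED_WEAK_SEED).read(16), SaltedPool(SHARED_WEAK_SEED).read(16)


def outputs_after_boot_salting() -> Tuple[bytes, bytes]:
    """Same seed, but each clone stirs in its own MAC at boot: streams diverge."""
    a = SaltedPool(SHARED_WEAK_SEED)
    b = SaltedPool(SHARED_WEAK_SEED)
    a.stir(boot_salt(MAC_A, BOOT_NS))
    b.stir(boot_salt(MAC_B, BOOT_NS))
    return a.read(16), b.read(16)


def victim_read(pid: int, now_ns: int) -> bytes:
    """A user process reads 16 bytes; the pool stirs in its PID and the clock."""
    p = SaltedPool(SHARED_WEAK_SEED)
    p.stir(access_salt(pid, now_ns))
    return p.read(16)


def recover_pid_from_output(seed: bytes, observed: bytes, now_ns: int,
                            max_pid: int = 32768) -> Optional[int]:
    """Attacker view: knowing the seed and the clock, enumerate the PID space.

    Returns the PID that reproduces `observed`, or None.  The PID salt makes
    each caller's output distinct, but its range is small enough to walk, so
    it contributes no secrecy on top of whatever the seed already had.
    """
    for pid in range(1, max_pid + 1):
        p = SaltedPool(seed)
        p.stir(access_salt(pid, now_ns))
        if p.read(len(observed)) == observed:
            return pid
    return None


if __name__ == "__main__":
    print("unsalted clones identical:", outputs_without_salting()[0] == outputs_without_salting()[1])
    a, b = outputs_after_boot_salting()
    print("boot-salted clones differ :", a != b)
    t = BOOT_NS + 100_000_000_000
    print("PID recovered by brute force:", recover_pid_from_output(SHARED_WEAK_SEED, victim_read(4242, t), t))
```

The first two functions are the argument for salting at boot (a MAC or clock value separates otherwise identical images); the last one is the caveat behind "salt, not entropy": any value an attacker can enumerate, a 15-bit PID above all, only changes which stream a given caller gets, not how hard that stream is to predict.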

