[Cryptography] RNGs, Entropy, and Unguessability

jrzx jrzx at protonmail.ch
Sat Jun 5 18:47:59 EDT 2021


> On Sun, May 30, 2021 at 01:14:02PM -0700, Kent Borg wrote:
> > A (1) uncorrelated sampling of a (2) fast clock is,
> > indeed, a good source of unguessability.

On Monday, May 31, 2021 8:18 AM, Barney Wolff <barney at databus.com> wrote:
> Surely this depends on how many guesses an attacker is
> allowed before being detected and blocked. If there's
> no penalty for guessing wrong, as with an offline attack,
> I doubt the GHz ticker can contribute more than about 20
> bits or so.


Every network or disk event provides several bits of unguessability.  You are going to accumulate 128
bits in a hundred milliseconds or so.

Accumulate the bits into an arc4 seed, or into Knuth's
additive number generator 3.2.2, then hash the seed.

Continue accumulating randomness into the seed when you
get uncorrelated events.  Continue hashing the seed when
you need more random numbers.



The attacker performing an offline attack will have to guess all 128 bits.
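The accumulate-then-hash scheme the post sketches, as added example code that is not from the post or from any project: event timestamps are mixed into a seed, output is produced by hashing the seed with a counter, and the seed is ratcheted after each output. SHA-256 stands in for arc4 or Knuth's additive generator, and the credit of 4 bits per event and the 128-bit threshold before any output is released are assumptions of this example.

```python
import hashlib
import struct
import time


class EventPool:
    """Entropy pool: mix uncorrelated event timings into a seed, hash the
    seed for output, keep mixing. Hypothetical example, not a library API."""

    REQUIRED_BITS = 128  # refuse to emit output until this much credit has arrived

    def __init__(self, credit_per_event: int = 4):
        # Conservative per-event credit (an assumption, not a measurement;
        # calibrate against the actual event source before relying on it).
        self.credit_per_event = credit_per_event
        self.state = hashlib.sha256(b"eventpool-v1").digest()
        self.credited = 0
        self.counter = 0

    def mix(self, event_kind: bytes, clock_ns: int) -> None:
        # Hash the whole timestamp in: the fast-changing low bits carry the
        # unguessability, and the hash absorbs the predictable high bits harmlessly.
        sample = event_kind + struct.pack(">Q", clock_ns)
        self.state = hashlib.sha256(self.state + sample).digest()
        self.credited = min(self.credited + self.credit_per_event, 4096)

    def mix_now(self, event_kind: bytes) -> None:
        # Sample the fastest clock available at the moment an event is observed.
        self.mix(event_kind, time.perf_counter_ns())

    def seeded(self) -> bool:
        return self.credited >= self.REQUIRED_BITS

    def random_bytes(self, n: int) -> bytes:
        if not self.seeded():
            raise RuntimeError("pool holds fewer than %d credited bits" % self.REQUIRED_BITS)
        out = b""
        while len(out) < n:
            # Output block = hash(seed || counter); the seed itself never leaves the pool.
            out += hashlib.sha256(self.state + struct.pack(">Q", self.counter)).digest()
            self.counter += 1
        # Ratchet the seed forward so a later compromise of the state does
        # not reveal output that was already handed out.
        self.state = hashlib.sha256(self.state + b"ratchet").digest()
        return out[:n]
```

With real event sources, call `mix_now()` from the network and disk event paths and keep doing so after the pool is seeded; the threshold check is what makes an offline attacker face the full 128-bit guess the post describes.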