[Cryptography] [RFC] random: add new pseudorandom number generator
Bill Frantz
frantz at pwpconsult.com
Tue Oct 5 13:09:34 EDT 2021
On 10/4/21 at 12:28 AM, phill at hallambaker.com (Phillip Hallam-Baker) wrote:
>I am currently relying on Microsoft for the Mesh RNG. They have much more
>time to do a good job on this than I do.
>
>But I would like to have a belt and braces approach. If I make someone else
>the weak point in my system, I am inviting the rubber hose squad (or worse)
>to attack them.
I would take the approach that combining 5 bad random sources
with one good one can result in a good source. Admitting that
I'm well behind the times vis-à-vis modern thinking about random
generators, I would collect as many "unpredictable" sources as I
could find and combine them with the Microsoft RNG. I would
probably use a secure hash as the combining function. UI event
timings, disk timings, network timings, all are hard to predict
from outside the machine. Even if they are "squish" they may
make attacks on the Microsoft RNG ineffective in your system.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | I like the farmers' market     | Periwinkle
(408)348-7900      | because I can get fruits and   | 150 Rivermead Rd #235
www.pwpconsult.com | vegetables without stickers.   | Peterborough, NH 03458
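The combining construction Bill describes (several weak local sources hashed together with the platform RNG), as an added example that is not part of the original message; the source labels, the domain tag and the helper names are assumptions. The length-prefixing of each input is the caveat a practitioner would want: plain concatenation lets two different sets of inputs hash to the same value.

```python
import hashlib
import os
import struct
import time
from typing import List, Tuple


def combine_sources(sources: List[Tuple[str, bytes]]) -> bytes:
    """Return 32 bytes derived from every source via SHA-256.

    Each source is fed as len(label) || label || len(data) || data so the
    boundaries are unambiguous: (b"ab", b"c") must not hash the same as
    (b"a", b"bc").
    """
    h = hashlib.sha256()
    h.update(b"entropy-combiner-v1")  # domain-separation tag (assumed name)
    for label, data in sources:
        lbl = label.encode()
        h.update(struct.pack(">I", len(lbl)) + lbl)
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()


def sample_timing_jitter(n: int = 64) -> bytes:
    """n high-resolution clock readings: a 'squishy' source whose exact
    values are hard to predict from outside the machine."""
    return b"".join(struct.pack(">Q", time.perf_counter_ns()) for _ in range(n))


def fresh_seed() -> bytes:
    """Combine the platform CSPRNG with two weak local sources."""
    return combine_sources([
        ("os_urandom", os.urandom(32)),  # the 'good' source (platform RNG)
        ("timing", sample_timing_jitter()),
        ("pid_time", struct.pack(">QQ", os.getpid(), time.time_ns())),
    ])


def one_good_source_suffices(trials: int = 100) -> bool:
    """With every other input fixed and attacker-known, outputs still differ
    across trials because the one remaining source is unpredictable."""
    known = [("timing", b"\x00" * 8), ("pid_time", b"\x00" * 16)]
    outs = {combine_sources(known + [("os_urandom", os.urandom(32))])
            for _ in range(trials)}
    return len(outs) == trials
```

The hash only mixes; it cannot create entropy, so the output is as good as the best input and no better.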