[Cryptography] [RFC] random: add new pseudorandom number generator

Bill Frantz frantz at pwpconsult.com
Tue Oct 5 13:09:34 EDT 2021

On 10/4/21 at 12:28 AM, phill at hallambaker.com (Phillip 
Hallam-Baker) wrote:

>I am currently relying on Microsoft for the Mesh RNG. They have much more
>time to do a good job on this than I do.
>But I would like to have a belt and braces approach. If I make someone else
>the weak point in my system, I am inviting the rubber hose squad (or worse)
>to attack them.

I would take the approach that combining 5 bad random sources 
with one good one can result in a good source. Admitting that 
I'm well behind the times vis vi modern thinking about random 
generators, I would collect as many "unpredictable" sources as I 
could find and combine it with the Microsoft RNG. I would 
probably use a secure hash as the combining function. UI event 
timings, disk timings, network timings, all are hard to predict 
from outside the machine. Even if they are "squish" they may 
make attacks on the Microsoft RNG ineffective in your system.

Cheers - Bill

Bill Frantz        | I like the farmers' market   | Periwinkle
(408)348-7900      | because I can get fruits and | 150 
Rivermead Rd #235
www.pwpconsult.com | vegetables without stickers. | 
Peterborough, NH 03458

More information about the cryptography mailing list