Bram Cohen wrote:
> On Wed, 19 Sep 2001, Peter Fairbrother wrote:
>
> > Bram Cohen wrote:
> >
> > > You only have to do it once at startup to get enough entropy in there.
> >
> > If your machine is left on for months or years the seed entropy would become
> > a big target. If your PRNG status is compromised then all future uses of
> > PRNG output are compromised, which means pretty much everything crypto.
> > Other attacks on the PRNG become possible.
>
> Such attacks can be stopped by reseeding once a minute or so, at much less
> computational cost than doing it 'continuously'. I think periodic
> reseedings are worth doing, even though I've never actually heard of an
> attack on the internal state of a PRNG which was launched *after* it had
> been seeded properly once already.
There was a bug in OpenSSL's PRNG (and BSAFE's) which permitted recovery of
the internal state from a largish number of small outputs. It has been fixed,
of course.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't
mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
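The two claims in the thread above (a leaked PRNG state predicts every later output, and a periodic reseed with fresh entropy cuts that prediction off) as an added illustration; this is a toy hash-chain generator written for this note, not code from the thread, from OpenSSL or from BSAFE. The class name `HashPRNG`, the domain-separation labels and the seed and entropy strings are all constructed for the example.

```python
import hashlib


class HashPRNG:
    """Toy hash-chain PRNG, constructed for illustration only (not a real DRBG):
    a one-way output function plus a forward ratchet of the state."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed|" + seed).digest()

    def reseed(self, fresh_entropy: bytes) -> None:
        # Fold fresh entropy into the state. Anyone holding a copy of the *old*
        # state cannot compute the new one without also knowing fresh_entropy.
        self.state = hashlib.sha256(b"reseed|" + self.state + fresh_entropy).digest()

    def next_bytes(self, n: int = 16) -> bytes:
        out = hashlib.sha256(b"out|" + self.state).digest()[:n]
        # Ratchet the state forward so a later state does not reveal earlier outputs.
        self.state = hashlib.sha256(b"step|" + self.state).digest()
        return out

    def snapshot(self) -> "HashPRNG":
        # Models the situation Peter describes: the internal state has leaked.
        copy = HashPRNG.__new__(HashPRNG)
        copy.state = self.state
        return copy


def compare_until_reseed(seed: bytes, fresh: bytes, n: int = 5):
    """Return (all outputs predicted before the reseed, any predicted after it)."""
    victim = HashPRNG(seed)
    leaked = victim.snapshot()          # the attacker's copy of the state
    before = [victim.next_bytes() == leaked.next_bytes() for _ in range(n)]
    victim.reseed(fresh)                # the periodic reseed Bram proposes
    after = [victim.next_bytes() == leaked.next_bytes() for _ in range(n)]
    return all(before), any(after)


if __name__ == "__main__":
    # Constructed inputs; the result is (True, False): every output before the
    # reseed matches the leaked copy, none after it does.
    print(compare_until_reseed(b"constructed seed", b"constructed fresh entropy"))
```

The reseed only helps if `fresh_entropy` is genuinely unpredictable to whoever holds the old state; reseeding from a source the attacker can also observe changes nothing.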