It is not good to use the wrong kind of PRG, it should
be fixed as soon as possible. But do we know that
os.urandom will be OK on any platform, or is this
OS -dependent at the end of the day?
- Ivan
On 06/07/2010, at 15.22, Thomas P Jakobsen wrote:
VIFF itself as well as most protocols
Indeed it should satisfy those properties. Say if you Shamir share
something, the adversary might get t shares in order. If it can guess
the next bit with non-negligible advantage, this will completely break
our claim that the adversary has no information on the secret.
Luckily it should
Thomas P Jakobsen wrote:
The urandom is os-specific:
This function returns random bytes from an OS-specific randomness
source. The returned data should be unpredictable enough for
cryptographic applications, though its exact quality depends on the OS
implementation. On a UNIX-like system this
I agree that tests should be reproducible. But it is also very
important to use a cryptographically secure PRNG.
I don't know whether these two requirements can be satisfied by the
same number generator. If not, the best solution is to have two
modes of operation:
- A test mode where the
