On Wednesday, 11 June 2014 at 16:35:31 UTC, Kagamin wrote:
In some scenarios unpredictability is not enough. For example, when you generate a session id, an attacker doesn't have to predict it ahead of time; he can guess it at any time later. And if they listen to radio waves - that's an "open protocol" - an attacker can set up an antenna near their antenna and get the same readings. Cryptographic PRNGs and quantum TRNGs are better isolated, so it's harder to read them.


That's an interesting thought on a potential attack. I wouldn't say "same readings", but similar readings are possible and might make attacks easier.

It might not be a bad idea as part of a solution though, since it can be used to supplement other sources of local-machine crypto-grade entropy (since often such sources are exhaustible). But yes, just straight up using it alone appears to have a few critical problems.
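The two points above (an attacker with a nearby antenna gets *similar* readings, and an observable source is still useful as a supplement to local entropy) can be shown concretely. The following is an added example, not code from the thread or from either poster. It assumes a hash-based extractor (SHA-256 over length-prefixed inputs) as the mixing step, models "similar readings" as a few single-bit differences between the server's and the attacker's radio samples, and uses constructed 8-byte readings rather than real measurements. The names `extract`, `session_id`, `recover_seed` and the demo functions are all hypothetical.

```python
"""Mixing an observable entropy source (radio noise) with local OS entropy.

Added example for the discussion above; not code from the original thread.
The radio readings below are constructed test values, not real samples.
"""
import hashlib
import hmac
import itertools
import os
from typing import Iterator, Optional, Tuple


def extract(*sources: bytes) -> bytes:
    """Condition several entropy sources into one 32-byte seed.

    Hash-based extractor (assumption: modelled as a random oracle). Inputs are
    length-prefixed so (b"ab",) and (b"a", b"b") give different seeds. The
    seed stays unpredictable as long as at least ONE input is unknown to the
    attacker, which is the property a "supplementary" source needs.
    """
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def session_id(seed: bytes, counter: int) -> str:
    """Derive the counter-th session id from the seed with HMAC-SHA256 (a PRF)."""
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:32]


def _flip(data: bytes, *bits: int) -> bytes:
    buf = bytearray(data)
    for b in bits:
        buf[b // 8] ^= 1 << (b % 8)
    return bytes(buf)


def neighbours(reading: bytes, max_flips: int) -> Iterator[bytes]:
    """Yield every byte string within `max_flips` single-bit flips of `reading`."""
    nbits = len(reading) * 8
    for k in range(max_flips + 1):
        for positions in itertools.combinations(range(nbits), k):
            yield _flip(reading, *positions)


def recover_seed(attacker_reading: bytes, target_id: str, counter: int,
                 max_flips: int, known_extra: Tuple[bytes, ...] = ()) -> Optional[bytes]:
    """Attacker's search: try every reading close to what their own antenna saw
    and check which one reproduces an observed session id. `known_extra` is
    whatever other seed inputs the attacker knows (nothing, in the mixed case).
    Returns the recovered seed, or None if no candidate matches.
    """
    for candidate in neighbours(attacker_reading, max_flips):
        seed = extract(candidate, *known_extra)
        if hmac.compare_digest(session_id(seed, counter), target_id):
            return seed
    return None


# Constructed readings: the attacker's antenna sees the server's sample with
# two bits wrong (a stand-in for "similar, not identical" readings).
SERVER_READING = bytes.fromhex("9c42e17b0d5af83e")
ATTACKER_READING = _flip(SERVER_READING, 3, 37)
COUNTER = 7


def radio_only_seed_recovered() -> bool:
    """Seeding from the radio reading alone: a small neighbourhood search
    (about 44k candidates for 8 bytes and up to 3 flips) finds the seed."""
    seed = extract(SERVER_READING)
    observed = session_id(seed, COUNTER)
    return recover_seed(ATTACKER_READING, observed, COUNTER, 3) == seed


def mixed_seed_recovered() -> bool:
    """Same search when the radio reading is mixed with 32 bytes of local
    OS entropy the attacker cannot observe: the search finds nothing."""
    local = os.urandom(32)
    seed = extract(SERVER_READING, local)
    observed = session_id(seed, COUNTER)
    return recover_seed(ATTACKER_READING, observed, COUNTER, 3) is not None


if __name__ == "__main__":
    print("radio only, seed recovered:", radio_only_seed_recovered())
    print("radio + local entropy, seed recovered:", mixed_seed_recovered())
```

The search space in the radio-only case is tiny because the attacker only has to correct the few bits their antenna got wrong, not guess the whole reading; that is the "similar readings" attack. Once any unobservable input is hashed in alongside, the same search fails, which is why the radio source is fine as a supplement but not as the sole seed. A real system would also want to keep feeding the mixed pool over time rather than seeding once.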
