On Wednesday, 11 June 2014 at 16:35:31 UTC, Kagamin wrote:
In some scenarios unpredictability is not enough. For example,
when you generate a session id, an attacker doesn't have to
predict it ahead of time, he can guess it at any time later.
And if they listen to radio waves - that's an "open protocol",
an attacker can set up an antenna near their antenna and get the
same readings. Cryptographic PRNG and quantum TRNG are better
isolated, so it's harder to read them.

That's an interesting thought on a potential attack. I wouldn't
say "same readings" but similar readings is possible and might
make attacks easier.
It might not be a bad idea as part of a solution though, since it
can be used to supplement other sources of local-machine
crypto-grade entropy (since often such sources are exhaustible).
But yes, just straight up using it alone appears to have a few