On 26/02/17 20:23, cym13 wrote:
Hi,
I found many times that people use unpredictableSeed in combination with
normal PRNG for cryptographic purpose. Some even go as far as reseeding
at each call to try making it more secure.
It is a dangerous practice, most PRNG are not designed with security
(and unpredictability) in mind, and unpredictableSeed was definitely not
designed with security in mind (or it failed heavily at it). It's a good
tool when one needs randomness, not security.
I wrote a blog post to present exactly why this is a bad idea and how it
could be exploited [1].
The best would be to add a standard CSPRNG interface to Phobos but we
aren't there yet.
[1]: https://cym13.github.io/article/unpredictableSeed.html
Excuse me if I'm asking a trivial question. Why not just seed it from
/dev/urandom? (or equivalent on non-Linux platforms. I know at least
Windows has an equivalent).
Shachar
