> > Huh? -1 is a constant, not random. Pass your data through _random_ bits,
> > XORing it with them, and you have unbreakable crypto (one-time-pad) if you
> > make a record of the random bits (the key).
> Yes, if passing _random_ through -1 _data_ not makes it strengthens, 
> passing through 1,2,3,4... _data_ will not makes it strenghthens too.

Right, but the attacker doesn't always have access to the pid, so
while it is _not_very_ random, under some circumstances it has
_some_ useful randomness.

> If attacker tries to predict random number generator itself and know pid and 
> mktemp() algorithm, adding getpid() bits he already know will not stop him
> from this attack unless you plan to keep mktemp() algorihtm secret.

Correct. However if you are collecting bits of randomness (or
suspected randomness) from various sources, XORing them together
is a cheap way of of combining them and obfuscating them, without
making the total randomness any worse than the best of them. There
are ways (eg: hash algorithms) of adding the total randomness.

Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to