On Tue, 2 May 2000, Keith Wansbrough wrote:
> Off-topic, I know, but even if this worked as I think you intend,
> it would hardly be random and would certainly be unsuitable for use as a
> nonce. Applying `mkStdGen' to the current time doesn't make it any more
> random! You might as well use
>
> nonce size = take size (cycle (map chr (chop_into_smaller_bits timeFrom1970)))
>
> where chop_into_smaller_bits expresses timeFrom1970 in base 36 or something.
>
> An attacker can certainly guess within a few seconds (= a few trials) when your
>connection was negotiated.
>
Good point. Short of reading some truly random device
(perhaps ambient temperature fluctuation) this can be always
theoretically defeated. I can only make life more difficult
to the attacker by trying to outsmart him algoritmically
(Or to confuse him. My clock is always several hours too late
or too early. Just kidding)
Any good idea? First prize: a bottle of something good. :-)
Jan
- When is it safe to cheat? Jan Skibinski
- Re: When is it safe to cheat? Lennart Augustsson
- RE: When is it safe to cheat? Erik Meijer
- Re: When is it safe to cheat? Fergus Henderson
- When is it safe to cheat? Frank Atanassow
- Re: When is it safe to cheat? Fergus Henderson
- Re: When is it safe to cheat? Fergus Henderson
- Converting float to double. Ronald J. Legere
- Re: When is it safe to cheat? Jan Skibinski
- Re: When is it safe to cheat? Keith Wansbrough
- Re: When is it safe to cheat? Jan Skibinski
- Re: When is it safe to cheat? Ketil Malde
- Re: When is it safe to cheat? Frank Atanassow
- Re: When is it safe to cheat? Jan Skibinski
- Re: When is it safe to cheat? Michael Hobbs
- Re: When is it safe to cheat? Sverker Nilsson
- Re: When is it safe to cheat? Fergus Henderson
- Re: When is it safe to cheat? Ketil Malde
- Re: When is it safe to cheat? Sverker Nilsson
- Re: When is it safe to cheat? Bjarke Dahl Ebert
- Re: When is it safe to cheat? Michael Hobbs
