Hi all,

On Wed, Jan 18, 2017 at 3:04 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

>> The patch initializes the full MT state vector, approximately 2.5KB of
>> memory, from a CSPRNG. To put this into perspective, 16 bytes are generally
>> considered to be sufficient for cryptographic keying material. Does this
>> seem somewhat disproportionate?
>>
>
> It could be. I haven't read and researched the MT rand initialization code
> carefully yet.
>

According to the reference implementation referred to by the MT rand author, state buffer initialization by a CSPRNG should be safe. See init_by_array().

http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/VERSIONS/C-LANG/mt19937ar-nrl.c

Basically, this code is trying to randomize the state buffer without a real RNG. Therefore, replacing it with a CSPRNG is OK.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
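To make the two seeding paths under discussion concrete, here is an added example (not PHP's code and not the reference mt19937ar.c itself, although the generator routines follow it). It shows init_genrand()/init_by_array(), which expand a short key over the 624-word state, next to a direct fill of the state from CSPRNG bytes as the patch does. The function names, the hypothetical mt_seed_from_random_bytes()/mt_seed_from_urandom() helpers and the use of /dev/urandom as the CSPRNG source are this example's own choices. The one check a direct fill needs is that the resulting state is not degenerate: MT19937 started from an all-zero state emits zeros forever, which is why init_by_array() forces the MSB of mt[0].

```c
/* MT19937 seeding: reference init_by_array() versus a direct CSPRNG fill.
 * Added example; generator routines follow mt19937ar.c, seeding helpers
 * are hypothetical names chosen for this illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MT_N 624
#define MT_M 397
#define MATRIX_A   0x9908b0dfUL
#define UPPER_MASK 0x80000000UL   /* the only bit of mt[0] that is part of the state */
#define LOWER_MASK 0x7fffffffUL

typedef struct { uint32_t mt[MT_N]; int mti; } mt19937_t;

/* init_genrand(): expand one 32-bit seed over the 624-word state. */
void mt_init_genrand(mt19937_t *g, uint32_t s)
{
    g->mt[0] = s;
    for (g->mti = 1; g->mti < MT_N; g->mti++)
        g->mt[g->mti] = 1812433253UL * (g->mt[g->mti - 1] ^ (g->mt[g->mti - 1] >> 30)) + g->mti;
}

/* init_by_array(): fold a key of any length into the state. This mixing is
 * what lets a short key (e.g. 16 bytes) reach all 19937 state bits. */
void mt_init_by_array(mt19937_t *g, const uint32_t *key, size_t key_len)
{
    size_t i = 1, j = 0, k;
    mt_init_genrand(g, 19650218UL);
    for (k = MT_N > key_len ? MT_N : key_len; k; k--) {
        g->mt[i] = (g->mt[i] ^ ((g->mt[i - 1] ^ (g->mt[i - 1] >> 30)) * 1664525UL)) + key[j] + (uint32_t)j;
        if (++i >= MT_N) { g->mt[0] = g->mt[MT_N - 1]; i = 1; }
        if (++j >= key_len) j = 0;
    }
    for (k = MT_N - 1; k; k--) {
        g->mt[i] = (g->mt[i] ^ ((g->mt[i - 1] ^ (g->mt[i - 1] >> 30)) * 1566083941UL)) - (uint32_t)i;
        if (++i >= MT_N) { g->mt[0] = g->mt[MT_N - 1]; i = 1; }
    }
    g->mt[0] = 0x80000000UL;  /* MSB set: guarantees a non-zero state */
    g->mti = MT_N;
}

/* genrand_int32(): twist the state when exhausted, then temper one word. */
uint32_t mt_genrand_int32(mt19937_t *g)
{
    static const uint32_t mag01[2] = { 0x0UL, MATRIX_A };
    uint32_t y;
    int kk;
    if (g->mti >= MT_N) {
        for (kk = 0; kk < MT_N - MT_M; kk++) {
            y = (g->mt[kk] & UPPER_MASK) | (g->mt[kk + 1] & LOWER_MASK);
            g->mt[kk] = g->mt[kk + MT_M] ^ (y >> 1) ^ mag01[y & 1];
        }
        for (; kk < MT_N - 1; kk++) {
            y = (g->mt[kk] & UPPER_MASK) | (g->mt[kk + 1] & LOWER_MASK);
            g->mt[kk] = g->mt[kk + (MT_M - MT_N)] ^ (y >> 1) ^ mag01[y & 1];
        }
        y = (g->mt[MT_N - 1] & UPPER_MASK) | (g->mt[0] & LOWER_MASK);
        g->mt[MT_N - 1] = g->mt[MT_M - 1] ^ (y >> 1) ^ mag01[y & 1];
        g->mti = 0;
    }
    y = g->mt[g->mti++];
    y ^= (y >> 11);
    y ^= (y << 7) & 0x9d2c5680UL;
    y ^= (y << 15) & 0xefc60000UL;
    y ^= (y >> 18);
    return y;
}

/* Direct fill, as the patch does: every state word comes straight from a
 * CSPRNG, so init_by_array()'s mixing has nothing left to do. The one state
 * that must be rejected is the all-zero one (the generator would emit zeros
 * forever). Because the low 31 bits of the initial mt[0] never influence the
 * sequence, "zero" means mt[0]'s MSB and all of mt[1..N-1] are clear.
 * Returns 0 on success, -1 on short input or a degenerate state. */
int mt_seed_from_random_bytes(mt19937_t *g, const uint8_t *buf, size_t len)
{
    uint32_t acc;
    int i;
    if (len < sizeof g->mt) return -1;
    memcpy(g->mt, buf, sizeof g->mt);
    acc = g->mt[0] & UPPER_MASK;
    for (i = 1; i < MT_N; i++) acc |= g->mt[i];
    if (acc == 0) return -1;
    g->mti = MT_N;
    return 0;
}

/* Seed from the kernel CSPRNG. /dev/urandom is used here for portability of
 * the example; getrandom(2) or arc4random_buf() are the usual alternatives. */
int mt_seed_from_urandom(mt19937_t *g)
{
    uint8_t buf[sizeof g->mt];
    size_t got;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    got = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (got != sizeof buf) return -1;
    return mt_seed_from_random_bytes(g, buf, sizeof buf);
}

/* First output of each seeding path, for comparison. */
uint32_t mt_first_after_init_genrand(uint32_t seed)
{
    mt19937_t g;
    mt_init_genrand(&g, seed);
    return mt_genrand_int32(&g);
}

uint32_t mt_first_after_init_by_array(const uint32_t *key, size_t key_len)
{
    mt19937_t g;
    mt_init_by_array(&g, key, key_len);
    return mt_genrand_int32(&g);
}

int main(void)
{
    /* 16-byte key from the mt19937ar.c demo program */
    static const uint32_t key[4] = { 0x123, 0x234, 0x345, 0x456 };
    mt19937_t g;
    printf("init_genrand(5489):      %u\n", mt_first_after_init_genrand(5489));
    printf("init_by_array(16 bytes): %u\n", mt_first_after_init_by_array(key, 4));
    if (mt_seed_from_urandom(&g) == 0)
        printf("direct CSPRNG fill:      %u\n", mt_genrand_int32(&g));
    return 0;
}
```

The first two printed values are the known reference outputs (3499211612 for seed 5489, 1067595299 for the demo key), which confirms the generator routines match mt19937ar.c; the third changes on every run. Whichever seeding path is chosen, the security-relevant property is the same: the 624 words of state are what an attacker who observes outputs can recover, so a CSPRNG-derived state does not make mt_rand() output suitable for secrets, it only keeps the starting point unpredictable.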