On 17.01.2012 23:55, Peter Waltenberg wrote:
> I think my point is valid though - even if it is a PRNG, provided it's a
> good one (and distribution will tell you that) if an attacker can't tell
> exactly when you are sampling the PRNG effectively it's a usable entropy
> source.

One of the problems is for example to get a suitably random number soon
after booting an embedded device, without external activity. A PRNG is no
good here - the sampling occurs at a quite predictable time since the power
was applied. For a typical OpenSSL usage you are probably right, at least
if you are able to save the gathered entropy across reboots.

> The same is true of events we consider to be really random - i.e.
> radioactive material, thermal shot noise - the real situation may simply be
> that we don't yet know enough at present to be able to predict when an
> individual nucleus will decay - that doesn't mean that'll always be true

Well, if this assumption breaks the RNGs will be probably the least thing to
worry about ;)

-- 
Stano
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org