Re: [dev-crypto-csharp] FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Peter Dettman
Hi Edward, Thank you for your informative comments (and to others for contributing their thoughts). I do think there is room for improvement in the BC RNG code, particularly around entropy-collection. Release 1.8 is currently pending the completion of the port of latest TLS code from the Java

RE: [dev-crypto-csharp] FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Edward Ned Harvey (bouncycastle)
> From: Edward Ned Harvey (bouncycastle) > > One > thread goes into a tight loop incrementing a counter. Another thread goes > into a loop sampling that counter. Whenever the second loop loops faster than the first loop, you will sleep 1ms, which brings up another point - The precision of cl

RE: [dev-crypto-csharp] FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Edward Ned Harvey (bouncycastle)
> From: Sid Shetye [mailto:sid...@outlook.com] > > Also, the default used in > SecureRandom() uses SHA1 internally - something we're not allowed to use > anymore. SHA1 has been shown to have some weaknesses in terms of collision resistance. (No collisions yet found, but SHA1 can no longer be co

[dev-crypto-csharp] RE: FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Edward Ned Harvey (bouncycastle)
> From: Edward Ned Harvey (bouncycastle) > [mailto:bouncycas...@nedharvey.com] > > This is not a fatal flaw, as long as you're compensating for it - By default, Actually, now that I've moved onto testing cross-platform... On my mac, I get ThreadedSeedGenerator output that is compressible to ~10%

RE: [dev-crypto-csharp] FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Sid Shetye
Thanks Ed, but I don't think you can't call it incorrect usage since it is the proper public interface to begin with. Also, the default used in SecureRandom() uses SHA1 internally - something we're not allowed to use anymore. So what ends up happening is something like this: Code (don't use thi

RE: [dev-crypto-csharp] FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Edward Ned Harvey (bouncycastle)
> From: Sid Shetye [mailto:sid...@outlook.com] > > "new SecureRandom(new DigestRandomGenerator(new > Sha256Digest()))" will always produce the same sequence. You're using it wrong. Here, try this: This seeds itself with 1 sample of ticks (approx 8 bits entropy) and 24 bytes ThreadedSeedG

RE: [dev-crypto-csharp] FYI - Low entropy in ThreadedSeedGenerator and DateTime.Now.Ticks

2014-07-29 Thread Sid Shetye
We looked at the RNG seed sources recently when we noticed that the RNG when used as "new SecureRandom(new DigestRandomGenerator(new Sha256Digest()))" will always produce the same sequence. Entropy within a stream is fine but correlations ACROSS streams is a perfect 1.0 which is fatal performance f