On 5/29/2013 5:24 PM, Udon Shaun wrote:
>> it doesn't matter how long and complicated a chain of
>> generators you string together - you cannot make entropy where there was
>> none before.
>
> Agreed. However I have control over what rand() is seeded with (without hacking the
> SQLite codebase - that would be sacrilege) and have verified it is definitely not zero
> and not "similar" on each invocation for all platforms.
>
> The proof, however, will be after I run the chain through the full suite of NIST and
> "DieHarder" tests (didn't want to if I could get away with it). Initial "quick"
> statistical tests (on Windows 7) seem to indicate it should do well and ENT
> (http://www.fourmilab.ch/random/) agrees (Entropy 7.9991, ChiSQ 257.532, Exceed 44.38%).

If you know how to securely seed rand(), why don't you just seed Fortuna
directly? And what's the place of SQLite in this picture?
--
Igor Tandetnik
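
An added example, not part of the original thread and not code from SQLite, ENT or Fortuna: it shows why ENT-style statistics on the output say nothing about the entropy of the seed. The generator below is a hypothetical stand-in for the "chain of generators" (SHA-256 in counter mode), and the 16-bit seed space is an assumption chosen to make the point measurable.

```python
import hashlib
import math
from collections import Counter
from typing import Optional, Tuple

SEED_BITS = 16  # assumption: the seed source yields only 16 unpredictable bits


def chained_stream(seed: int, nbytes: int) -> bytes:
    """Hypothetical 'chain of generators': SHA-256 in counter mode keyed by the seed."""
    key = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def ent_stats(data: bytes) -> Tuple[float, float]:
    """Return (Shannon entropy in bits per byte, chi-square over byte values)."""
    counts = Counter(data)
    n = len(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    expected = n / 256
    chi_sq = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    return entropy, chi_sq


def recover_seed(observed: bytes) -> Optional[int]:
    """Enumerate the whole seed space and match the first 16 output bytes."""
    prefix = observed[:16]
    for seed in range(1 << SEED_BITS):
        if chained_stream(seed, 16) == prefix:
            return seed
    return None


if __name__ == "__main__":
    stream = chained_stream(0xBEEF, 1 << 18)  # constructed sample: 256 KiB of output
    entropy, chi_sq = ent_stats(stream)
    print(f"entropy = {entropy:.4f} bits/byte, chi-square = {chi_sq:.1f}")
    print(f"seed recovered by enumeration: {recover_seed(stream):#06x}")
```

The output scores close to 8 bits per byte, yet the whole stream is determined by one of 65,536 seeds, so statistical test suites measure the quality of the mixing and not the unpredictability of what was fed in.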