Entropy gathering tip: PRNGs, LFSR, xor, addition, bitshifting, hashing, etc. produce zero entropy whatsoever and may well lessen entropy.
True only as long as the provider of the non-random, predictable data can't see the state. If it can, you're screwed.
-
That's only the case when you xor the state. When you append it, it doesn't matter.
-
I assume you're referring to Linux's ill-advised implementation of directly xor'ing RDRAND output into the kernel entropy pool.
-
Yes, that was one example I had in mind, but I'd be cautious about assuming more subtle ones don't exist.
-
The key part here is that a transistor-level RDRAND output that just mirrors the existing pool is fairly feasible.
-
Whereas the amount of logic required to attack a hash-based system would be much larger and much more obvious to anyone looking.
-
Not thinking purely silicon. Something heartbleed-like could allow more advanced attacks.
-
Heartbleed was a memory disclosure limited to the target process. It wouldn't be affected by entropy mixing choice.
-
Were you thinking of Rowhammer? That's probably more relevant.