You can mix as much non-random, predictable data as you like into this. As long as you have one good source of entropy, it's safe.
If you can steal the state, there's an opportunity to try to provide bad data to be mixed, with vast computing resources.
-
-
If you can steal the state then you can predict random numbers until the next reseed anyway. But yes, that's why you use a hash.
-
If you control all the entropy going in then you win anyway. If you control all but a single good entropy source then you lose.
-
To break you'd need a break in H such that H(s+u+q) is predictable, where u is an unknown, s is known & q is a value you picked.
-
s being the state, u being the unpredictable output of a good entropy source, and q being bad entropy from you.
-
Or worse, you'd need to make H(H(s+u)+q) predictable. Which would be a ludicrous break of the hash.
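The construction discussed in this thread, H(H(s+u)+q), as an added example that is not part of the original tweets. It assumes SHA-256 for H and reads `+` as concatenation; the function names and sample values are constructed for illustration.

```python
import hashlib
import os


def mix(state: bytes, sample: bytes) -> bytes:
    """Fold one input into the pool state: H(state + sample), '+' = concatenation."""
    return hashlib.sha256(state + sample).digest()


def final_state(s: bytes, u: bytes, q: bytes) -> bytes:
    """H(H(s+u)+q): good entropy u mixed first, attacker-chosen q mixed after."""
    return mix(mix(s, u), q)


def attacker_prediction_hits(s, u, qs, u_guesses):
    """Count (q, guess) pairs where an attacker who knows s and chooses q
    computes the real post-mix state. u is used only to compute the truth."""
    hits = 0
    for q in qs:
        real = final_state(s, u, q)
        hits += sum(final_state(s, g, q) == real for g in u_guesses)
    return hits


if __name__ == "__main__":
    s = bytes(32)                      # constructed: state known to the attacker
    u = os.urandom(32)                 # one good source, unknown to the attacker
    qs = [i.to_bytes(4, "big") for i in range(1000)]  # constructed bad inputs
    wrong = [bytes(32), b"\xff" * 32, b""]            # guesses that are not u
    print("hits without u:", attacker_prediction_hits(s, u, qs, wrong))
    print("hits with u   :", attacker_prediction_hits(s, u, qs, [u]))
    print("distinct states:", len({final_state(s, u, q) for q in qs}))
```

Whatever q is mixed in, the predicted state matches the real one only when the guess for u is correct.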