That's only the case when you xor the state. When you append it, it doesn't matter.
Indeed, perhaps there are no cases where you don't lose more than exposed state already lost you.
-
One example might be when the attack process is sandboxed in some way that precludes exfil.
-
See, sandboxes make this more fun, because gathering entropy in them is super hard. You need to expose entropy to them safely.
-
A consideration in multi-core systems with HRNGs is proper synchronisation of the HRNG to prevent parallel reading of the output.
-
Since if core 0 is executing untrusted code in a sandbox, unsynchronised access would allow RNG output sniffing of other code.
-
Trivially exploitable, too. Poll RNG in a tight loop from the attacking core. Sliding window over them. Job done.
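A single-threaded simulation of the shared-HRNG sniffing described in the last three tweets, added here as an editor's example and not code from anyone in the thread. It models a hypothetical HRNG as a memory-mapped output register plus a data-ready bit, with a deterministic splitmix64 step standing in for the entropy source so the run is repeatable. The "victim core" draws one word per generate cycle while the "attacker core" polls in a tight loop around it and keeps everything it sees. Two access disciplines are compared: a non-destructive register read (any core sees the current word) and a read-and-clear consume (each word goes to exactly one reader). Names, constants and the interleaving schedule are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated HRNG. `reg` models a memory-mapped output register and `valid`
 * its data-ready bit. The entropy source is a deterministic splitmix64 step
 * (constructed stand-in so the run is repeatable); a real HRNG would be
 * unpredictable, which is exactly why its outputs are worth sniffing. */
typedef struct {
    uint64_t seed;   /* stand-in entropy-source state (assumption) */
    uint64_t reg;    /* output register */
    bool     valid;  /* data-ready flag */
} hrng_t;

/* Hardware side: produce the next output word into the register. */
static void hw_generate(hrng_t *h) {
    uint64_t z = (h->seed += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    h->reg   = z ^ (z >> 31);
    h->valid = true;
}

/* Unsynchronised access: any core may read the register, and reading does
 * not clear it, so the word stays visible until the next generate cycle. */
static bool read_register(hrng_t *h, uint64_t *out) {
    if (!h->valid) return false;
    *out = h->reg;
    return true;
}

/* Synchronised access: the read also clears the data-ready bit, so each
 * output word is handed to exactly one reader. On real hardware this
 * read-and-clear must be atomic (a lock or a single privileged driver);
 * the simulation is single-threaded, so plain code suffices here. */
static bool consume(hrng_t *h, uint64_t *out) {
    if (!h->valid) return false;
    *out = h->reg;
    h->valid = false;
    return true;
}

#define CYCLES 64

/* Two "cores" share one HRNG. Per generate cycle: the attacker polls before
 * the victim on even cycles, the victim draws once, the attacker polls again.
 * Returns how many of the victim's words also appear in the attacker's
 * captured window; *victim_words receives how many words the victim got. */
static size_t simulate(bool destructive, size_t *victim_words) {
    hrng_t h = { .seed = 0x1234ULL, .reg = 0, .valid = false };
    uint64_t victim[CYCLES];
    uint64_t attacker[2 * CYCLES];
    size_t nv = 0, na = 0;
    bool (*draw)(hrng_t *, uint64_t *) = destructive ? consume : read_register;

    for (size_t c = 0; c < CYCLES; c++) {
        uint64_t w;
        hw_generate(&h);
        if (c % 2 == 0 && draw(&h, &w)) attacker[na++] = w;  /* attacker races ahead */
        if (draw(&h, &w)) victim[nv++] = w;                  /* victim's own draw */
        if (draw(&h, &w)) attacker[na++] = w;                /* attacker polls again */
    }

    /* Sliding window over the attacker's captures: count victim words seen. */
    size_t leaked = 0;
    for (size_t i = 0; i < nv; i++)
        for (size_t j = 0; j < na; j++)
            if (victim[i] == attacker[j]) { leaked++; break; }
    *victim_words = nv;
    return leaked;
}

/* Convenience wrappers so each result is a plain return value. */
static size_t leaked_words(bool destructive) { size_t v; return simulate(destructive, &v); }
static size_t victim_words(bool destructive) { size_t v; simulate(destructive, &v); return v; }

int main(void) {
    printf("register read: victim got %zu words, attacker captured %zu of them\n",
           victim_words(false), leaked_words(false));
    printf("read-and-clear: victim got %zu words, attacker captured %zu of them\n",
           victim_words(true), leaked_words(true));
    return 0;
}
```

With the plain register read, every one of the victim's 64 words shows up in the attacker's capture. With read-and-clear, nothing leaks, but the victim only obtains 32 words: on the cycles where the attacker polled first it consumed the word itself. Exclusive access stops the sniffing, yet a tight polling loop can still starve other consumers, so in practice the fix is to keep the raw HRNG behind a privileged driver or per-context queue rather than to hand sandboxed code a lock on the register.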