I don't know who needs to know this, but a cryptographic seed can safely generate about 700M times its size in secure random output. Meanwhile a Sequoia seed can generate a Redwood tree that is about 2.5B times its volume.
Replying to @colmmacc @CiPHPerCoder
It's not really a linear relationship for cryptographic seed sizes. The security often relies on the "birthday bound", which depends on cipher block size. The outdated cipher 3DES-CBC w/ 64 bit blocks (although the key is longer) is safe for ~785 GB data, that's 40B times expansion.
1 reply 0 retweets 1 like
Replying to @Natanael_L @CiPHPerCoder
That doesn't sound right. I'm not sure what the usage limits would be now in light of sweet32, but it'd have to be much much lower.
3 replies 0 retweets 0 likes
Replying to @colmmacc @Natanael_L
AES is a PRP, not a PRF, so a PRNG based on AES-CTR won't generate collisions until the counter wraps after 2^128 encryptions without rekeying.
1 reply 0 retweets 1 like
Replying to @CiPHPerCoder @Natanael_L
That's *definitely* not safe; with enough volume of output, the stream becomes statistically predictable. Blocks you haven't seen yet become more and more likely. Take a look at the AES-CTR DRBG design and where its limits are.
2 replies 0 retweets 0 likes
Replying to @colmmacc @Natanael_L
I'll check it out :) For flavor, though, I'm a fan of the kCSPRNG rekeying often, and all userland code deferring to the kCSPRNG instead of rolling their own.
1 reply 0 retweets 0 likes
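Added illustration (not code from anyone in the thread) of the PRP-versus-PRF point and the rekeying remark above: a toy 16-bit permutation stands in for AES so the birthday region is reachable in a test, and the function names and the toy per-segment key derivation are my own assumptions.

```python
# Toy model: a random permutation on 16-bit blocks plays the role of AES (a PRP),
# so ~2^8 blocks already reach the birthday region. Constructed for illustration.
import math
import random

BLOCK_BITS = 16
BLOCK_SPACE = 1 << BLOCK_BITS


def make_toy_prp(key: int):
    """Return a fixed random permutation on 16-bit blocks (stand-in for AES_k)."""
    table = list(range(BLOCK_SPACE))
    random.Random(key).shuffle(table)
    return lambda block: table[block]


def ctr_keystream(prp, n_blocks: int, nonce: int = 0):
    """CTR mode under one key: encrypt successive counter values."""
    return [prp((nonce + i) % BLOCK_SPACE) for i in range(n_blocks)]


def ctr_keystream_rekeyed(master: int, n_blocks: int, budget: int):
    """CTR output that switches to a fresh toy key every `budget` blocks."""
    out = []
    for seg in range(math.ceil(n_blocks / budget)):
        prp = make_toy_prp(master * 1_000_003 + seg)  # toy key schedule only
        out += ctr_keystream(prp, min(budget, n_blocks - len(out)))
    return out


def random_function_blocks(n_blocks: int, seed: int):
    """What an ideal random function (PRF) would emit: i.i.d. uniform blocks."""
    rng = random.Random(seed)
    return [rng.randrange(BLOCK_SPACE) for _ in range(n_blocks)]


def first_repeat_index(blocks):
    """Index of the first block equal to an earlier one, or None if no repeat."""
    seen = set()
    for i, b in enumerate(blocks):
        if b in seen:
            return i
        seen.add(b)
    return None


def birthday_collision_probability(n_blocks: int, block_bits: int) -> float:
    """P[some pair of n i.i.d. b-bit blocks collides] ~ 1 - exp(-n^2 / 2^(b+1))."""
    return 1.0 - math.exp(-(n_blocks ** 2) / 2 ** (block_bits + 1))
```

A single-key CTR stream never repeats a block until the counter wraps, while a random function repeats early; that absence of repeats is exactly the statistical signal that bounds how much output one key should produce, and rekeying restores random-function-like behaviour across segments.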
For serious cryptography, I think it's ok to use the kernel rng to seed when you have nothing better, but that's it. Too many kernels have home-brew RNGs that change their designs too often, aren't formally verified, and have maintainers who don't understand cryptographic basics.
Additionally, they're just not performant enough for things like line-rate networking. If you have to go through the syscall barrier, that's a serious penalty.
0 replies 0 retweets 1 like