On 7/28/2014 12:23 PM, Lodewijk andré de la porte wrote:
Hey everyone,
If I XOR probably random data with good enough random data, does that
result in at least good enough random data?
I'm working on some Javascript client side crypto. There's a
cryptographic quality random generator present in modern browsers, but
not in older ones. I also don't trust browsers' random generators'
quality.
I'd like to ship a few KB (enough) of random data and XOR it with
whatever the best-available RNG comes up with. That way the user can
still verify that I didn't mess with the randomness, no MITM attacks
can mess with the randomness, but given a good transport layer I can
still supplement usually bad randomness.
I don't see how it could reduce the randomness to XOR with patterned
data. If someone knows better of this, let me know. If I'm correct
that also means it should be okay to reuse the few KBs should they
ever run out (in this system), at worst it no longer improves the
randomness. I don't expect that to ever happen, and I'd prefer
requesting new KBs, but it's still interesting.
Could someone confirm this whole thought-train for me? That means, is
it a good idea to (over HTTPS) send some randomness*, XOR it with the
best-available RNG for better randomness? I actually feel pretty
confident about it, just asking for (a few) second opinion(s).
Best regards,
Lewis
* It'd probably siphon down from a Linux OS, but ofc the code is
portable so randomness is probably low quality too.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
The words "probably" and "good enough" do not sit well with me. I think
javascript uses the mt random number generator. My advice is combine
that with another source and a hash. In other words:
Good enough is not good enough.
--
Kevin
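The XOR-combining scheme discussed above, as an added example that is not part of the thread (JavaScript, since the question concerns client-side code). Every source in it is a constructed stand-in: makeBiasedSource models a poor local RNG whose low bit is never set, makeShippedPool models the few KB of out-of-band bytes, and the names xorBytes, bitBalance, drawCombined and demo are mine. The demo shows the claim (XOR with an independent, well-distributed source leaves the output balanced even when the local source is badly biased), the precondition that makes it true (XOR of correlated data cancels to zero), and a pool that refuses to hand out the same bytes twice.

```javascript
// Added example (not from the thread). Models the proposal: XOR a pool of
// shipped random bytes with the best locally available RNG. All sources are
// CONSTRUCTED and deterministic so the demo runs offline; in a real page the
// local source would be crypto.getRandomValues and the pool would be
// genuinely random bytes delivered over HTTPS.

// Constructed stand-in for a poor local RNG: an LCG whose low output bit is
// forced to 0, so it is visibly biased (bit 0 is never set).
function makeBiasedSource(seed) {
  let s = seed >>> 0;
  return function fill(n) {
    const out = new Uint8Array(n);
    for (let i = 0; i < n; i++) {
      s = (Math.imul(s, 1103515245) + 12345) >>> 0; // LCG step
      out[i] = (s >>> 16) & 0xfe;                  // clear bit 0: the bias
    }
    return out;
  };
}

// Constructed stand-in for the shipped pool: xorshift32 output, handed out
// once and never rewound. Real code would fill this with bytes from a trusted
// server-side source and never reuse them.
function makeShippedPool(seed, size) {
  const pool = new Uint8Array(size);
  let x = seed >>> 0;
  for (let i = 0; i < size; i++) {
    x ^= x << 13; x >>>= 0;
    x ^= x >>> 17;
    x ^= x << 5;  x >>>= 0;
    pool[i] = x & 0xff;
  }
  let offset = 0;
  return {
    remaining: () => size - offset,
    take(n) {
      if (offset + n > size) throw new Error('shipped pool exhausted; do not reuse');
      const slice = pool.subarray(offset, offset + n);
      offset += n;
      return slice;
    },
  };
}

// XOR two equal-length byte arrays.
function xorBytes(a, b) {
  if (a.length !== b.length) throw new Error('length mismatch');
  const out = new Uint8Array(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Fraction of bytes in `bytes` with bit `bit` set (0.5 is ideal).
function bitBalance(bytes, bit) {
  let set = 0;
  for (const v of bytes) if ((v >>> bit) & 1) set++;
  return set / bytes.length;
}

// Draw n combined bytes: local RNG output XOR fresh (never reused) pool bytes.
function drawCombined(local, pool, n) {
  return xorBytes(local(n), pool.take(n));
}

// Demonstration of the claim and of its precondition (independence).
function demo() {
  const n = 4096;
  const local = makeBiasedSource(12345);
  const pool = makeShippedPool(0x9e3779b9, n);
  const biasedOnly = makeBiasedSource(12345)(n);
  const combined = drawCombined(local, pool, n);

  // XOR only helps when the inputs are independent: a stream XORed with
  // itself cancels to all zeros. That is the failure mode to watch for when
  // pool bytes are reused against data that is correlated with them.
  const same = makeBiasedSource(777)(n);
  const cancelled = xorBytes(same, same);

  return {
    biasedBit0: bitBalance(biasedOnly, 0),  // 0: the weak source never sets bit 0
    combinedBit0: bitBalance(combined, 0),  // near 0.5 after XOR with the pool
    cancelledAllZero: cancelled.every((v) => v === 0),
    poolRemaining: pool.remaining(),        // 0: every shipped byte used once
  };
}
```

In a browser the local source would be `crypto.getRandomValues` where it exists, and the hash-based combining Kevin suggests would feed both inputs through `crypto.subtle.digest` (SHA-256) instead of XOR, which also removes the equal-length and independence requirements that a raw XOR relies on.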