On Tuesday, 31 March 2015 at 16:24:02 UTC, John Colvin wrote:
> On Tuesday, 31 March 2015 at 16:10:07 UTC, Adam D. Ruppe wrote:
>> On Tuesday, 31 March 2015 at 15:59:53 UTC, John Colvin wrote:
>>> Like almost never? I can't think of any reason to ever do
>>> that.
>>
>> I mentioned it because of this story:
>> https://www.schneier.com/blog/archives/2008/05/random_number_b.html
>> I'm sure there are better ways to do it, but since a similar
>> technique was used in a high profile product, I thought I'd
>> mention it as a possible use.
>>
>> Though I'd recommend against trying this at home for anything
>> serious since there are better sources of more random
>> randomness...
>
> In general, I can't think of a worse way of choosing a seed
> other than a fixed value*. It's actually quite interesting
> thinking of all the ways it's bad :)
More fun than I thought:

Depending on the OS and toolchain, you might be looking at
anything in the current process (at best).

That seed might be directly drawn from user data: an attacker
could conceivably now choose your seed.

The seed might contain sensitive data: an attacker who can
measure the output of the PRNG might be able to work backwards to
find the seed, exposing the data.

You might always seed 0, or some other fixed value, or something
almost always fixed depending on the program state: heavily
biased towards certain values, bad for randomness.

Based on observable state, an observer could conceivably infer or
predict the value of the seed and hence predict future values
from the PRNG.

and so on...
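An added check (not code from this thread) for the "heavily biased towards certain values" point above: estimate the Shannon entropy of the seeds a program actually ends up using across many starts, and compare a constructed sample standing in for leftover-memory seeds against seeds drawn from the OS CSPRNG. The sample values and the `os_seed` helper are assumptions for illustration.

```python
import math
import os
from collections import Counter


def seed_entropy_bits(seeds):
    """Shannon entropy (bits) of an observed seed sample.

    A uniform source over n-bit values approaches min(n, log2(len(seeds)))
    bits for a finite sample; a fixed or heavily biased source (whatever
    happened to be in memory) collapses towards 0, so the seed is easy
    to guess or brute-force regardless of how good the PRNG itself is.
    """
    if not seeds:
        raise ValueError("no seeds observed")
    total = len(seeds)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(seeds).values())


def most_common_fraction(seeds):
    """Share of the sample taken by the single most frequent seed value:
    the best first guess an observer could make."""
    return Counter(seeds).most_common(1)[0][1] / len(seeds)


def os_seed(nbytes=4):
    """Seed drawn from the OS CSPRNG, the source to actually use."""
    return int.from_bytes(os.urandom(nbytes), "little")


# Constructed sample (not measured data) standing in for seeds read from
# uninitialized stack memory over 100 process starts: mostly zero, plus a
# few leftover values that repeat because the process state rarely changes.
LEFTOVER_MEMORY_SEEDS = [0] * 90 + [0x7FFD1234] * 7 + [0x41414141] * 3


def compare_sources(sample_size=100):
    """Return (biased_bits, fresh_bits) for the two seed sources."""
    biased = seed_entropy_bits(LEFTOVER_MEMORY_SEEDS)
    fresh = seed_entropy_bits([os_seed() for _ in range(sample_size)])
    return biased, fresh


if __name__ == "__main__":
    biased_bits, fresh_bits = compare_sources()
    print(f"leftover-memory seeds: {biased_bits:.2f} bits, "
          f"best guess hits {most_common_fraction(LEFTOVER_MEMORY_SEEDS):.0%}")
    print(f"os.urandom seeds:      {fresh_bits:.2f} bits")
```

With 100 samples the os.urandom figure is capped near log2(100) ≈ 6.64 bits by the sample size, not by the source; the point is the gap between the two, not the absolute number.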