On Sunday, 26 February 2017 at 18:33:08 UTC, ketmar wrote:
cym13 wrote:
Hi,
I found many times that people use unpredictableSeed in
combination with normal PRNG for cryptographic purpose. Some
even go as far as reseeding at each call to try making it more
secure.
It is a dangerous practice, most PRNG are not designed with
security (and unpredictability) in mind, and unpredictableSeed
was definitely not designed with security in mind (or it
failed heavily at it). It's a good tool when one needs
randomness, not security.
I wrote a blog post to present exactly why this is a bad idea
and how it could be exploited [1].
The best would be to add a standard CSPRNG interface to Phobos
but we aren't there yet.
[1]: https://cym13.github.io/article/unpredictableSeed.html
"like /dev/random on Linux"
(sighs) it was so good until this...
That's a typo actually, I meant urandom, I'll correct it.
Actually it would be better not to use urandom directly but use
it as source to regularly reseed another PRNG in order to avoid
some warts but meh. As a first step it's good enough as it is.