On Fri, January 24, 2014 9:02 am, Krisztián Pintér wrote:
>
> Michael Hammer (at Friday, January 24, 2014, 12:19:03 AM):
>>
>> Was thinking in terms of how an app with access to alternate random
>> sources, some which might be from OS or from some software, might choose
>> one over another.
>
> if you are adamant on doing homebrewed, why choose? you can combine
> them. if your combinator is good, you can't lose.
^^^^^^^^^^^^^^^^^^^^
Is that all there is to it? This sounds like only the generation function
of a random bit generator. Shouldn't there also be some process that
handles the internal state necessary to do the generation? Shouldn't
that process have certain security properties, for instance allowing the
continued generation of a random bit stream* when an attacker is able
to limit (some of) the input(s) to the "combinator"?

This is really more like "home distilling" than "home brewing" in
that if you don't do it right it will kill you instead of just taste bad.
So, on the contrary, I think you definitely can lose.

Dan.

* random in the sense that to the attacker an n-bit sample appears
uniformly distributed over the entire set of n-bit vectors.
_______________________________________________
dsfjdssdfsd mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
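
The distinction raised in the reply above, between a combinator and a generator that keeps internal state, shown as an added example that is not part of the original thread. `stateless_combine`, `StatefulPool` and the sample inputs are constructed for illustration and are not a vetted DRBG design; the scenario is a round in which the attacker fixes every input.

```python
import hashlib
import hmac
import os

def _h(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _frame(inputs):
    # Length-prefix each input so ["ab", "c"] and ["a", "bc"] mix differently.
    return b"".join(len(x).to_bytes(4, "big") + x for x in inputs)

def stateless_combine(inputs):
    """Combinator only: output depends on the current inputs and nothing else."""
    return _h(bytes(32), b"mix", _frame(inputs))

class StatefulPool:
    """Hypothetical minimal generator: a secret state carried between calls."""
    def __init__(self):
        self.state = bytes(32)

    def add(self, inputs):
        # Fold new input into the existing state instead of replacing it.
        self.state = _h(self.state, b"mix", _frame(inputs))

    def generate(self):
        out = _h(self.state, b"out")
        # Ratchet so a later state compromise does not expose this output.
        self.state = _h(self.state, b"next")
        return out

def demo():
    honest = os.urandom(32)              # round 1: a source the attacker cannot see
    round1 = [honest, b"timer:1001"]     # constructed sample inputs
    round2 = [b"\x00" * 32, b"timer:0"]  # round 2: attacker limits every input
    victim = StatefulPool()
    victim.add(round1)
    victim.generate()
    victim.add(round2)
    victim_stateful = victim.generate()
    victim_stateless = stateless_combine(round2)
    # Attacker knows both algorithms and round 2, but must guess `honest`.
    attacker = StatefulPool()
    attacker.add([bytes(32), b"timer:1001"])
    attacker.generate()
    attacker.add(round2)
    return (stateless_combine(round2) == victim_stateless,
            attacker.generate() == victim_stateful)
```

`demo()` returns whether the attacker reproduced the stateless output and the stateful output, in that order: the first is reproduced from the round-2 inputs alone, the second is not because the state still depends on the round-1 input the attacker never saw.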