On Friday 16 May 2008 00:47:52 Thor Lancelot Simon wrote:
> On Thu, May 15, 2008 at 11:45:14PM +0200, Bodo Moeller wrote:
> > It may be zero, but it may be more, depending on what happened earlier
> > in the program if the same memory locations have been in use before.
> > This may very well include data that would be unpredictable to
> > adversaries -- i.e., entropy; that's the point here.
>
> Unfortunately, it may also very well include data that would be
> highly predictable to adversaries.

If feeding predictable data into a PRNG that was already well seeded with 
unpredictable data produced a weaker PRNG, then you have found a security bug 
in the PRNG and I suggest you publish. (Or put it in a distribution-local 
patch and wait a couple of years...) After all, the PRNG itself is "highly 
predictable to adversaries" - it's open source - so the requirement of the 
PRNG is for its stirring mechanism to be essentially monotonic w.r.t. 
entropy gained from the input. Any unpredictability in the data you feed it 
should make the PRNG output correspondingly unpredictable - and that should 
not become more predictable (i.e. less unpredictable) because you supplement 
the existing unpredictable input with predictable input. That's the point - 
feed whatever you've got into it, and the resulting "randomness" is (roughly) 
as good as the total entropy of your input, no matter how sparse that input's 
entropy was.

Cheers,
Geoff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
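
The monotonicity argument in Geoff's message, as an added example (this is not OpenSSL's PRNG or any code from the thread; it is a toy hash-chained pool written for illustration). It shows the two halves of the claim: stirring inputs an adversary knows into a pool that already holds a secret seed does not let the adversary reproduce the output, while a pool whose only unpredictable input is a 15-bit value falls to 2^15 guesses, so the output is only as good as the entropy that went in. `PID_BITS`, `KNOWN_BUFFER`, `KNOWN_TIME`, `REAL_PID` and the use of `os.urandom` as the "well seeded" case are constructed assumptions for the demonstration.

```python
import hashlib
import os
from typing import Iterable, List, Optional

# Constructed inputs for the demonstration (assumptions, not data from the thread).
PID_BITS = 15                                                   # assumed size of the secret
KNOWN_BUFFER = b"stack garbage the adversary can reproduce"     # predictable input
KNOWN_TIME = b"time=1210895272"                                 # predictable input
REAL_PID = 1234                                                 # the value the adversary must guess


class ToyPool:
    """Hash-chained pool: state = H(state || input) on stir, output = H(state || counter)."""

    def __init__(self) -> None:
        self.state = b"\x00" * 32
        self.counter = 0

    def stir(self, data: bytes) -> None:
        # One-way mixing: an input the adversary knows cannot cancel entropy already
        # in the state, because doing so would require inverting SHA-256.
        self.state = hashlib.sha256(self.state + data).digest()

    def output(self) -> bytes:
        self.counter += 1
        out = hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
        self.state = hashlib.sha256(self.state + out).digest()  # ratchet forward
        return out


def pool_output(inputs: Iterable[bytes]) -> bytes:
    """Fresh pool, stir every input in order, return the first output block."""
    pool = ToyPool()
    for chunk in inputs:
        pool.stir(chunk)
    return pool.output()


def brute_force_first_input(target: bytes, known_tail: List[bytes],
                            candidates: Iterable[bytes]) -> Optional[bytes]:
    """Adversary's search: try every candidate for the one input they do not know,
    replay the inputs they do know after it, and look for the observed output."""
    for guess in candidates:
        if pool_output([guess, *known_tail]) == target:
            return guess
    return None


def pid_candidates() -> Iterable[bytes]:
    # The whole space an adversary has to cover when a PID is the only secret.
    return (pid.to_bytes(2, "big") for pid in range(1 << PID_BITS))


def low_entropy_demo() -> Optional[int]:
    """Pool fed only a 15-bit PID plus predictable data: 2^15 guesses recover the PID."""
    target = pool_output([REAL_PID.to_bytes(2, "big"), KNOWN_BUFFER, KNOWN_TIME])
    found = brute_force_first_input(target, [KNOWN_BUFFER, KNOWN_TIME], pid_candidates())
    return None if found is None else int.from_bytes(found, "big")


def well_seeded_demo() -> Optional[int]:
    """Same predictable inputs, but a 256-bit secret seed was stirred in first.
    The adversary knows the PID, buffer and time; the 2^15-guess search still
    fails because the predictable inputs did not shrink the unknown they face."""
    secret_seed = os.urandom(32)  # assumption: genuinely unpredictable seed
    target = pool_output([secret_seed, REAL_PID.to_bytes(2, "big"), KNOWN_BUFFER, KNOWN_TIME])
    found = brute_force_first_input(
        target, [REAL_PID.to_bytes(2, "big"), KNOWN_BUFFER, KNOWN_TIME], pid_candidates())
    return None if found is None else int.from_bytes(found, "big")


def known_inputs_alone_differ() -> bool:
    """Replaying only the inputs the adversary knows does not reproduce the output
    of a pool that also absorbed an unknown seed."""
    secret_seed = os.urandom(32)  # assumption: genuinely unpredictable seed
    return pool_output([secret_seed, KNOWN_BUFFER]) != pool_output([KNOWN_BUFFER])


if __name__ == "__main__":
    print("low-entropy pool, recovered PID:", low_entropy_demo())
    print("well-seeded pool, recovered PID:", well_seeded_demo())
    print("known inputs alone reproduce output:", not known_inputs_alone_differ())
```

The search in `well_seeded_demo` is deliberately the same one that succeeds in `low_entropy_demo`: what changed is not the predictable data stirred in but the size of the unknown the adversary must enumerate, which is the "roughly as good as the total entropy of your input" point.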