A good PRNG should make the state of the RNG not provide any previous outputs (forward security). This can be important, for example, in Java, where the objects sit around a while in memory. Further, even with some subset of the previous outputs and the current state, one should not be able to derive any other previous outputs. Obviously, state disclosure is not forward secure unless reseeded (not exactly a PRNG in that case).

Yarrow has good information on seeding for forward security. Schneier's "Practical Cryptography" has good details on RNG attacks.

--
http://www.subspacefield.org/~travis/
Remediating... LIKE A BOSS
_______________________________________________
RNG mailing list
[email protected]
http://lists.bitrot.info/mailman/listinfo/rng
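The two properties the post contrasts, shown as an added example that is not part of the original message or the RNG list: a generator whose state transition is invertible (a toy LCG whose state is also its output) lets anyone who dumps the state walk it backwards and recover every earlier output, while a hash-ratchet design advances the state through a one-way function and derives outputs through a second one-way function, so a captured state yields neither earlier states nor earlier outputs. The same block shows the "unless reseeded" point: a captured ratchet state predicts future outputs until fresh entropy is mixed in. The generators, parameters, seeds and function names below are constructed for illustration and are not a recommendation of either as a production PRNG.

```python
import hashlib

# Toy LCG parameters (constructed; 32-bit, A odd so it is invertible mod M).
M = 1 << 32
A = 1664525
C = 1013904223


class ReversibleLCG:
    """Generator whose state is its last output and whose transition is
    invertible: capturing the state is as good as capturing the history."""

    def __init__(self, seed: int):
        self.state = seed % M

    def next(self) -> int:
        self.state = (A * self.state + C) % M
        return self.state


def lcg_recover_previous(captured_state: int, n: int) -> list:
    """Attack: from the current state, recover the n outputs that preceded it
    (most recent first). Needs only the public parameters, no secret."""
    a_inv = pow(A, -1, M)  # modular inverse of A (Python 3.8+)
    outs = []
    s = captured_state
    for _ in range(n):
        s = (a_inv * (s - C)) % M  # invert s' = A*s + C mod M
        outs.append(s)
    return outs


class HashRatchet:
    """Toy forward-secure generator (constructed for this example): the state
    moves forward through SHA-256 and outputs come from a separate SHA-256
    call, so a dumped state gives no earlier state and no earlier output
    short of inverting the hash. Outputs also do not reveal the state."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def next(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        # Ratchet forward; the old state value is overwritten and gone.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out

    def reseed(self, fresh_entropy: bytes) -> None:
        """Mix in new entropy so that a past state compromise stops
        predicting future outputs (the post's 'unless reseeded')."""
        self.state = hashlib.sha256(b"reseed" + self.state + fresh_entropy).digest()


def lcg_state_compromise_recovers_history(seed: int, n: int) -> bool:
    """Generate n outputs, dump the state as an attacker would from memory,
    and check that the attacker rebuilds all n-1 earlier outputs exactly."""
    gen = ReversibleLCG(seed)
    history = [gen.next() for _ in range(n)]
    captured = gen.state
    recovered = lcg_recover_previous(captured, n - 1)
    return recovered == history[-2::-1]  # earlier outputs, most recent first


def ratchet_prediction_after_compromise(seed: bytes, fresh_entropy: bytes) -> tuple:
    """Returns (predicts_before_reseed, predicts_after_reseed): a cloned
    ratchet state predicts the real generator's next outputs until the real
    generator reseeds with entropy the attacker does not have."""
    gen = HashRatchet(seed)
    for _ in range(3):
        gen.next()
    clone = HashRatchet(b"")
    clone.state = gen.state  # attacker's copy of the captured state
    predicted_before = [clone.next() for _ in range(2)]
    actual_before = [gen.next() for _ in range(2)]
    gen.reseed(fresh_entropy)
    predicted_after = [clone.next() for _ in range(2)]
    actual_after = [gen.next() for _ in range(2)]
    return (predicted_before == actual_before, predicted_after == actual_after)


if __name__ == "__main__":
    print("LCG history recovered from state:",
          lcg_state_compromise_recovers_history(12345, 6))
    print("ratchet predictable (before, after reseed):",
          ratchet_prediction_after_compromise(b"seed", b"fresh entropy"))
```

The block demonstrates the attack only where it works (the LCG); for the ratchet it does not attempt to recover earlier outputs, because doing so would require a SHA-256 preimage, which is exactly the property a forward-secure design relies on. Note that the ratchet's forward secrecy says nothing about the quality of the seed: Yarrow-style seeding and reseeding, as the post says, are what keep a compromised or weakly seeded state from predicting the future.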
