On 4 September 2014 08:46, Aaron Toponce wrote:
> There are a couple things that you can do for older browsers that don't support
> crypto.getRandomValues():
>
> 1. You can build your own CSPRNG using either Blum Blum Shub or Blum
> Micali. In both cases, the CSPRNG is slow, and you'
On Mon, Jul 28, 2014 at 06:23:12PM +0200, Lodewijk andré de la porte wrote:
> I'm working on some Javascript client side crypto. There's a cryptographic
> quality random generator present in modern browsers, but not in older ones.
> I also don't trust browsers' random generators' quality.
>
> I'd
Not really. At minimum it's 2^128 bytes. But it's probably closer to 2^160.
On Thu, Sep 4, 2014 at 12:37 AM, Givon Zirkind wrote:
> forgive me for jumping into the middle of the conversation. but, if
> memory serves, such a scheme is limited to 2^128 bytes. then, the counter
> repeats. whic
isn't the simplest solution to concatenate or XOR a counter?
Thus H[0] = Hash(input)
H[N] = Hash(H[N-1]+CTR)
considering that hashes from MD4 to SHA-2 all have block sizes of 512 bits,
much larger than their outputs, one could simply concatenate a 128-bit
counter.
On Mon, Jul 28, 2014 at 9:23 AM, Lodewijk andré de la porte wrote:
> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?
>
Yes, in fact, it's provably at *least* as random as the most random of the
two data sources:
https://en.wiki
From: Lodewijk andré de la porte
Subject: Re: [cryptography] Weak random data XOR good enough random data =
better random data?
Come to think of it, is there or why isn't there a block-cipher mode that
chains using a hashing algorithm?
The main reason would be difficulty in proving sec
Come to think of it, is there or why isn't there a block-cipher mode that
chains using a hashing algorithm?
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Thanks for the responses everyone!
Reg. making a CSPRNG in JS: I don't have experience and wouldn't trust it.
Using someone else's is even worse, I find others often do things even
worse (somehow). And seeding it would sort of have moved the problem rather
than solving it. A PRNG shouldn't be abl
On 2014-07-29 02:23, Lodewijk andré de la porte wrote:
> Hey everyone,
> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?
Yes, but other mixing functions are better.
Best to hash all streams together, rather than xor them together.
You're talking about two different things here.
As others have said, if you XOR good random with 'not very good but
non-malicious random' - you are unlikely to reduce the entropy. (And
as Seth said, if you XOR good random with malicious random (e.g. a
trojaned RDRAND instruction) you're in bad sh
Lodewijk andré de la porte writes:
> I don't see how it could reduce the randomness to XOR with patterned data.
> If someone knows better of this, let me know. If I'm correct that also
> means it should be okay to reuse the few KB's should they ever run out (in
> this system), at worst it no longe
On 28 Jul 2014 18:23, "Lodewijk andré de la porte" wrote:
>
> Hey everyone,
>
> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?
>
> I'm working on some Javascript client side crypto. There's a
> cryptographic quality random generator
On 28 Jul 2014 18:23 +0200, from l...@odewijk.nl (Lodewijk andré de la porte):
> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?
If you are truly concerned, have you considered implementing a proper
CSPRNG yourself in Javascript (
On 7/28/2014 12:23 PM, Lodewijk andré de la porte wrote:
> Hey everyone,
> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?
> I'm working on some Javascript client side crypto. There's a
> cryptographic quality random generator presen
Hey everyone,
If I XOR probably random data with good enough random data, does that
result in at least good enough random data?
I'm working on some Javascript client side crypto. There's a cryptographic
quality random generator present in modern browsers, but not in older ones.
I also don't trus