Syllable

randombit · Joined: 09 Dec 2008 Posts: 1

I noticed that the implementation of /dev/random in Syllable will only use a 32 bit seed at most, because the implementation of seed() will overwrite the entire state every time it is called. This means that the output of /dev/random depends only on whatever seed was last set plus the number of times the RNG has been stepped since it was seeded.

Also the use of a Mersenne twister as the PRNG may not be too great, since while it has good statistical properties it is not a cryptographically secure PRNG (seeing enough output of the PRNG allows one to guess all future outputs).

Based on source inspection of latest CVS. From the timestamps, it looks to have been this way since the /dev/random driver was introduced into the system.

Kaj · Posted: Tue Dec 09, 2008 2:59 pm Post subject:

Correct. Our build system recipe for the GNU Privacy Guard, for example, notes this.

Morph · Posted: Tue Dec 09, 2008 4:36 pm Post subject:

Feel like writing a better driver?? Smile

Seriously, patches welcome!

Vanders · The Knights of Syllable Joined: 14 Sep 2007 Posts: 830

Yup. /dev/random is a "Good enough" PRNG implementation. It was never intended to be a cryptographically strong source of randomness.

Vanders · The Knights of Syllable Joined: 14 Sep 2007 Posts: 830

May as well bump this as we discussed some /dev/random issues while trying to get Monotone & Botan working.

1) The /dev/random read() method was throwing away 24 of the 32 bits of each call to rand() by doing a MOD 256 on each call.
2) We discussed the possibility of replacing Mersenne Twister with [url=http://www.schneier.com/yarrow.html]Yarrow[/url], which [i]is[/i] considered a cryptographically secure PRNG.