[cryptography] Weak random data XOR good enough random data = better random data?

Lodewijk andré de la porte l at odewijk.nl
Mon Jul 28 12:23:12 EDT 2014


Hey everyone,

If I XOR probably random data with good enough random data, does that
result in at least good enough random data?


I'm working on some JavaScript client-side crypto. There's a cryptographic
quality random generator present in modern browsers, but not in older ones.
I also don't trust browsers' random generators' quality.

I'd like to ship a few KB (enough) of random data and XOR it with whatever
the best-available RNG comes up with. That way the user can still verify
that I didn't mess with the randomness, no MITM attacks can mess with the
randomness, but given a good transport layer I can still supplement usually
bad randomness.

I don't see how it could reduce the randomness to XOR with patterned data.
If someone knows better of this, let me know. If I'm correct that also
means it should be okay to reuse the few KB's should they ever run out (in
this system), at worst it no longer improves the randomness. I don't expect
that to ever happen, and I'd prefer requesting new KB's, but it's still
interesting.

Could someone confirm this whole thought-train for me? That means, is it a
good idea to (over HTTPS) send some randomness*, XOR it with the
best-available RNG for better randomness? I actually feel pretty confident
about it, just asking for (a few) second opinion(s).

Best regards,
Lewis

* It'd probably siphon down from a Linux OS, but ofc the code is portable
so randomness is probably low quality too.
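
The combiner described in the message above, as an added example that is not part of the original post: a pool shipped by the server is XORed with the best local generator, each pool byte is consumed once, and the mixer throws when the pool runs out so the caller requests a new one. `PoolMixer`, `bestLocalSource`, `xorBytes` and the sample bytes are hypothetical and constructed for illustration.

```javascript
// Added example; PoolMixer, bestLocalSource and xorBytes are hypothetical names.

// Best generator the runtime offers; Math.random is the weak fallback.
function bestLocalSource() {
  const c = typeof globalThis !== 'undefined' ? globalThis.crypto : undefined;
  if (c && typeof c.getRandomValues === 'function') {
    return (buf) => c.getRandomValues(buf);
  }
  return (buf) => buf.map(() => Math.floor(Math.random() * 256));
}

class PoolMixer {
  constructor(pool, localFill) {
    this.pool = Uint8Array.from(pool); // private copy of the shipped bytes
    this.offset = 0;
    this.localFill = localFill;
  }
  remaining() { return this.pool.length - this.offset; }
  // Return n bytes of (pool XOR local); every pool byte is used exactly once.
  next(n) {
    if (n > this.remaining()) throw new RangeError('pool exhausted: fetch a new pool');
    const out = this.localFill(new Uint8Array(n));
    for (let i = 0; i < n; i++) {
      out[i] ^= this.pool[this.offset + i];
      this.pool[this.offset + i] = 0; // wipe consumed pool bytes
    }
    this.offset += n;
    return out;
  }
}

function xorBytes(a, b) { return a.map((v, i) => v ^ b[i]); }

// Constructed demo: a local source stuck at 0x41 and an 8-byte sample pool.
function demo() {
  const stuck = (buf) => buf.fill(0x41);
  const pool = Uint8Array.from([0x9e, 0x13, 0xc7, 0x58, 0x2a, 0xf0, 0x64, 0xbd]);
  const mixer = new PoolMixer(pool, stuck);
  const a = mixer.next(4); // fresh pool bytes: output varies with the pool
  const b = mixer.next(4);
  // Same pool bytes used twice with the stuck source: the pool cancels out,
  // so the XOR of the two outputs equals local XOR local, here all zeros.
  const r1 = xorBytes(pool.subarray(0, 4), stuck(new Uint8Array(4)));
  const r2 = xorBytes(pool.subarray(0, 4), stuck(new Uint8Array(4)));
  return { a, b, reusedXor: xorBytes(r1, r2) };
}
```

In real use the mixer would be built as `new PoolMixer(shippedPool, bestLocalSource())`, with `shippedPool` being the bytes received over HTTPS.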