[cryptography] Weak random data XOR good enough random data = better random data?

Kevin kevinsisco61784 at gmail.com
Mon Jul 28 13:19:45 EDT 2014


On 7/28/2014 12:23 PM, Lodewijk andré de la porte wrote:
> Hey everyone,
>
> If I XOR probably random data with good enough random data, does that 
> result in at least good enough random data?
>
>
> I'm working on some JavaScript client-side crypto. There's a 
> cryptographic quality random generator present in modern browsers, but 
> not in older ones. I also don't trust browsers' random generators' 
> quality.
>
> I'd like to ship a few KB (enough) of random data and XOR it with 
> whatever the best-available RNG comes up with. That way the user can 
> still verify that I didn't mess with the randomness, no MITM attacks 
> can mess with the randomness, but given a good transport layer I can 
> still supplement usually bad randomness.
>
> I don't see how it could reduce the randomness to XOR with patterned 
> data. If someone knows better of this, let me know. If I'm correct 
> that also means it should be okay to reuse the few KB's should they 
> ever run out (in this system), at worst it no longer improves the 
> randomness. I don't expect that to ever happen, and I'd prefer 
> requesting new KB's, but it's still interesting.
>
> Could someone confirm this whole thought-train for me? That means, is 
> it a good idea to (over HTTPS) send some randomness*, XOR it with the 
> best-available RNG for better randomness? I actually feel pretty 
> confident about it, just asking for (a few) second opinion(s).
>
> Best regards,
> Lewis
>
> * It'd probably siphon down from a Linux OS, but ofc the code is 
> portable so randomness is probably low quality too.

The words "probably" and "good enough" do not sit well with me.  I think 
JavaScript uses the mt random number generator.  My advice is to combine 
that with another source and a hash.  In other words:
Good enough is not good enough.


-- 
Kevin
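
Added example, not part of the thread: the question above turns on whether the two XOR inputs are independent. The JavaScript below computes the exact distribution of A XOR B over 4-bit values and reports min-entropy for each combination; the sample sources `uniform`, `weak` and `patterned` are constructed for illustration.

```javascript
// Added illustration (not from the thread): exact distribution of A XOR B
// over 4-bit values, with min-entropy as the quality measure.
const N = 16; // number of distinct 4-bit values

// Min-entropy in bits: -log2 of the most likely outcome's probability.
function minEntropy(dist) {
  return -Math.log2(Math.max(...dist));
}

// Distribution of a XOR b when a and b are drawn independently.
function xorIndependent(pa, pb) {
  const out = new Array(N).fill(0);
  for (let a = 0; a < N; a++)
    for (let b = 0; b < N; b++)
      out[a ^ b] += pa[a] * pb[b];
  return out;
}

// Distribution of a XOR f(a): the second input is derived from the first
// (fully correlated), e.g. the same bytes fed in twice.
function xorCorrelated(pa, f) {
  const out = new Array(N).fill(0);
  for (let a = 0; a < N; a++) out[a ^ f(a)] += pa[a];
  return out;
}

// Constructed sample sources (assumptions, not measurements of any real RNG).
const uniform = new Array(N).fill(1 / N);                       // 4 bits
const weak = Array.from({ length: N }, (_, v) => (v < 2 ? 0.5 : 0));      // 1 bit
const patterned = Array.from({ length: N }, (_, v) => (v === 0xA ? 1 : 0)); // 0 bits

function demo() {
  return {
    // Independent weak source XOR uniform source: result is uniform.
    weakXorUniform: minEntropy(xorIndependent(weak, uniform)),
    // Independent weak source XOR fixed pattern: no worse than the weak source.
    weakXorPatterned: minEntropy(xorIndependent(weak, patterned)),
    // Uniform source XOR a copy of itself: always 0, no entropy left.
    uniformXorItself: minEntropy(xorCorrelated(uniform, (a) => a)),
  };
}

console.log(demo());
```

The first two results depend on the inputs being independent; the third shows the XOR collapsing to a constant when one input can be derived from the other.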
