[cryptography] Weak random data XOR good enough random data = better random data?

Michael Kjörling michael at kjorling.se
Mon Jul 28 14:18:23 EDT 2014

On 28 Jul 2014 18:23 +0200, from l at odewijk.nl (Lodewijk andré de la porte):
> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?

If you are truly concerned, have you considered implementing a proper
CSPRNG yourself in Javascript (or using someone else's implementation
of the same; I'm sure they are out there) and seeding that PRNG with
randomness from both sides of the communications channel?

It'd be a bit less obvious to the casual code viewer what's going on,
but you would seem to have a much better shot of guaranteeing a
particular level of randomness provided to whatever uses the PRNG.

Michael Kjörling • http://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 http://michael.kjorling.se/public-keys/pgp
                “People who think they know everything really annoy
                those of us who know we don’t.” (Bjarne Stroustrup)

More information about the cryptography mailing list