[cryptography] Weak random data XOR good enough random data = better random data?

Seth David Schoen schoen at eff.org
Mon Jul 28 15:04:01 EDT 2014


Lodewijk andré de la porte writes:

> I don't see how it could reduce the randomness to XOR with patterned data.
> If someone knows better of this, let me know. If I'm correct that also
> means it should be okay to reuse the few KB's should they ever run out (in
> this system), at worst it no longer improves the randomness. I don't expect
> that to ever happen, and I'd prefer requesting new KB's, but it's still
> interesting.

DJB describes a more complicated scenario in which an active attacker
manipulates one source of entropy in order to reduce the unpredictability
of the overall output.

http://blog.cr.yp.to/20140205-entropy.html

I guess the other bad case is where both sources are systematically
correlated in some way (that doesn't change their overall statistics
individually, and that an attacker wouldn't otherwise have been able
to notice).  It's hard to see a path to that in this case.  But you
could certainly construct an artificial scenario where it's true.

DJB also announced a randomness-generation mailing list in that post;
I'm not sure what level of participation it's gotten, but that might
be another good place to bring up this topic.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107


More information about the cryptography mailing list