[cryptography] Weak random data XOR good enough random data = better random data?
tom at ritter.vg
Thu Sep 4 19:14:27 EDT 2014
On 4 September 2014 08:46, Aaron Toponce <aaron.toponce at gmail.com> wrote:
> There are a couple things that you can do for older browsers that don't support
> 1. You can build your own CSPRNG using either Blum Blum Shub or Blum
> Micali. In both cases, the CSPRNG is slow, and you'll need to rely on a
> bigint.js library for the primes, but if all you need is a few KB of
> to all the rules, and it performs "good enough", and the security lies
> in the hard factoring problem.
> 2. You can check out isaac.js at https://github.com/rubycon/isaac.js. ISAAC
> is a CSPRNG written by Robert Jenkins in 1996, and based on RC4. It is
> fast and secure.
The second one of these appears to seed itself, if you do not, using
In the first, how do you seed it?
In both cases, if I can enumerate all possible seeds in 2^40 and
iterate your CSPRNG, I can recreate your random stream. You need to
seed these algorithms with a seed that is from a secure random number