undefined | Better HN

0 pointsUncleMeat5y ago0 comments

I wouldn't be so universal with this statement.

Some cryptosystems really do need uniform randomness (ECDSA) rather than just negligible probability of choosing values. Other cryptosystems depend on not reusing values, though the values could be predictable. Sometimes there are subtle shifts in these needs based on modes (AES/CBC vs AES/GCM is a good example).

0 comments

1 comments · 1 top-level

jfindley5y ago

Thanks for the comment, yes I should have phrased that very differently.

What I was trying to say is that the kernel CSPRNG (exact mechanism depends on version) mixes together a bunch of things that aren't truly random from an information-theoretical perspective in order to produce uniform random output from the CSPRNG function - and that it doesn't actually matter that those sources aren't information-theoretically random. That'll teach me to comment in haste!

j / k navigate · click thread line to collapse