Performance hits from seeding the random number generator
Pete Chown
Pete.Chown at skygate.co.uk
Thu Sep 21 02:47:23 EST 2000
Wallace, Mark, CTR, OSD/ATL wrote:
> One of our other folks has written a function that produces random output
> for another program. It has been subjected to some informal statistical
> analysis ...
Statistical randomness is only one requirement for cryptographic
systems. You also don't want output from the random number generator
to be predictable, given old data and the state of the system. For
example, the typical C library rand() function passes statistical
tests up to a point, but is also completely predictable.
If your random function satisfies this then it could be worth using.
Otherwise using it would probably compromise your security.
--
Pete
More information about the openssh-unix-dev
mailing list