[squeak-dev] Seeding instances of Random
Eliot Miranda
eliot.miranda at gmail.com
Thu Nov 5 16:57:36 UTC 2015
Seems to me that the relevant values are
primUTCMicrosecondClock (varies frequently)
MAC address of a network interface ("unique" to a machine)
Process Id/handle of VM (changes frequently, unique between simultaneous launches)
Why would a combination of these three be insufficient?
_,,,^..^,,,_ (phone)
On Nov 3, 2015, at 11:05 AM, Chris Muller <asqueaker at gmail.com> wrote:
>> We can still use it to initalize the PRNG by using additional sources of
>> entropy (image name, path, vm version, whatever). We can use SHA1 to get
>> "more random" bits from out entropy sources. But this is more like a last
>> resort than a solution to rely on.
>
> I always thought a good list of hard-to-guess attributes injected in
> sequence with SHA1 feedback should be sufficiently hard to guess.
>
> millisecondClockValue, primUTCMicrosecondClock, timezone, Locale,
> available memory, consumed memory, vmpath, localpath, Display extent,
> Display imageForm, Sensor mouseX / mouseY, OS string,
> millisecondsToRun this
>
> I'm not against the new primitive idea, just have always been curious
> about digital security..
>
More information about the Squeak-dev
mailing list
|