[squeak-dev] Seeding instances of Random

Eliot Miranda eliot.miranda at gmail.com
Thu Nov 5 16:57:36 UTC 2015


Seems to me that the relevant values are

primUTCMicrosecondClock (varies frequently)
MAC address of a network interface ("unique" to a machine)
Process Id/handle of VM (changes frequently, unique between simultaneous launches)

Why would a combination of these three be insufficient?

_,,,^..^,,,_ (phone)

On Nov 3, 2015, at 11:05 AM, Chris Muller <asqueaker at gmail.com> wrote:

>> We can still use it to initalize the PRNG by using additional sources of
>> entropy (image name, path, vm version, whatever). We can use SHA1 to get
>> "more random" bits from out entropy sources. But this is more like a last
>> resort than a solution to rely on.
> 
> I always thought a good list of hard-to-guess attributes injected in
> sequence with SHA1 feedback should be sufficiently hard to guess.
> 
> millisecondClockValue, primUTCMicrosecondClock, timezone, Locale,
> available memory, consumed memory, vmpath, localpath, Display extent,
> Display imageForm, Sensor mouseX / mouseY, OS string,
> millisecondsToRun this
> 
> I'm not against the new primitive idea, just have always been curious
> about digital security..
> 


More information about the Squeak-dev mailing list