
Let's harden Internet crypto so quantum computers can't crack it

Ian Michael Gumby
Boffin

Yo! Zalazny wantabe ... Re: @ Mark 65 Possible deadly flaw - compromised software

One of the assumptions of intelligence is that you assume your opponent has perfect intelligence. Thus they'd have the noise file as well. The proposed solution here is far better than your approach. Nice one, though.

Love your lit reference to a fantasy/fiction character that can never die...

But you missed the point.

No. Perfect intelligence would be that they have the same random noise sample. Thus, if you use a less-than-random number generator, it would be possible to generate a series of pairs of random numbers (offset and length) and then generate the same hash that you use. (Assuming that they also know which hash you are using.)

But the attacker doesn't have your random noise file, nor do they know which hash algo you're using. So they can't easily find your seed. Which is the point.

Note: I was responding to a fellow commentard who believes that FOSS is better than a proprietary solution. Which in this case isn't true. I just created a simple way to generate a secure random number that would be very difficult to break. The whole example was how to get a more random number or seed for your encryption algo than one from simply using a random number generator which you may find to be less than random...
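Added example, not code from the thread or either commenter: the construction the post describes (draw (offset, length) pairs, pull those bytes out of a private noise file, hash them into a seed), alongside the failure mode the post itself spells out, where a predictable pair generator lets anyone who holds the file and knows the hash regenerate the identical seed. The noise file, the small LCG used as the "less than random" generator, the choice of SHA-256, and the decision to feed each pair's offset and length into the hash alongside the bytes are all assumptions made for this example.

```python
"""Seed derivation from a private 'noise file' via random (offset, length) pairs.

Added example (not from the thread). It implements the construction the post
describes and shows the failure mode the post mentions: if the pairs come from
a predictable generator, anyone holding the file and the hash name regenerates
the identical seed.
"""
import hashlib
import secrets

# Constructed noise file (2048 bytes). A real one would be private random data;
# this one is derived deterministically only so the example runs offline.
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(64))


class WeakLCG:
    """Deliberately predictable generator, standing in for a 'less than random'
    RNG (assumption for the example). Knowing the start state reproduces it."""

    def __init__(self, state):
        self.state = state & 0xFFFFFFFF

    def next(self):
        self.state = (1664525 * self.state + 1013904223) & 0xFFFFFFFF
        return self.state


def pick_pairs(rng_next, noise_len, count, max_len=64):
    """Draw `count` (offset, length) pairs, calling rng_next() for each number."""
    pairs = []
    for _ in range(count):
        offset = rng_next() % noise_len
        length = 1 + rng_next() % max_len
        pairs.append((offset, length))
    return pairs


def derive_seed(noise, pairs, hash_name="sha256"):
    """Hash the selected slices (and their coordinates) into a fixed-size seed."""
    h = hashlib.new(hash_name)
    for offset, length in pairs:
        chunk = noise[offset:offset + length]  # shorter if it runs off the end
        h.update(offset.to_bytes(4, "big") + length.to_bytes(2, "big") + chunk)
    return h.digest()


def seed_with_weak_rng(noise, rng_state, count=8, hash_name="sha256"):
    """The construction driven by the predictable pair generator."""
    rng = WeakLCG(rng_state)
    return derive_seed(noise, pick_pairs(rng.next, len(noise), count), hash_name)


def attacker_regenerates(noise, rng_state, count=8, hash_name="sha256"):
    """The 'perfect intelligence' case from the post: an attacker holding the
    noise file, the hash name and the generator state gets the same seed."""
    return seed_with_weak_rng(noise, rng_state, count, hash_name)


def seed_with_os_rng(noise, count=8, hash_name="sha256"):
    """Same construction, but the pairs come from the OS CSPRNG, so there is no
    generator state to recover. Returns the seed and the pairs that produced it."""
    sysrand = secrets.SystemRandom()
    pairs = pick_pairs(lambda: sysrand.getrandbits(32), len(noise), count)
    return derive_seed(noise, pairs, hash_name), pairs


if __name__ == "__main__":
    s = seed_with_weak_rng(NOISE, rng_state=42)
    print("seed from weak pair generator:", s.hex())
    print("attacker regenerates it      :", attacker_regenerates(NOISE, 42) == s)
    s2, _ = seed_with_os_rng(NOISE)
    print("seed from OS pair generator  :", s2.hex())
```

The point the example makes concrete is that the secrecy of the seed rests on both the noise file and the pairs: with the file in hand and a reproducible pair sequence, `attacker_regenerates` returns the same digest as `seed_with_weak_rng`, while `seed_with_os_rng` produces pairs that cannot be replayed from any recoverable state.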
