How good is LavaRnd?
LavaRnd Quality: Impervious to seed search attacks
Pseudo-Random Number Generators (PRNGs) suffer from the problem that they are completely deterministic with respect to their seed. If attackers know the seed of a PRNG, then they can predict ALL of the PRNG output with complete certainty. A 2048-bit RSA public key whose primes were selected by a PRNG seeded with a 32-bit seed will not be any stronger than a simple 32-bit key.
A PRNG with a 32-bit seed can, at most, produce 2^32 different output sequences. If attackers are given a sample of pseudo-random number output, they could iterate through every possible seed until they find a seed that produces the same output. With only a few bytes of PRNG output, the chance of a false positive seed match will be low. Even when more than one seed turns up as a potential candidate, the attacker need only observe a little more pseudo-random output to narrow the search down to the correct seed. With this correct seed, the attacker is able to predict ALL of the PRNG output with complete certainty.
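The seed search described above, as an added illustration that is not LavaRnd code or part of the original page: a toy linear congruential generator with a deliberately small 16-bit seed space (the page discusses 32 bits; 16 keeps the exhaustive search to well under a second in Python), an exhaustive search that keeps every seed consistent with the observed bytes, and a check of how the candidate set shrinks as more output is observed. The generator constants, the seed width and the sample seed 0xBEEF are all constructed for this demo.

```python
"""Seed-search demonstration against a toy PRNG with a small seed space.

Added illustration, not LavaRnd code. The generator, the 16-bit seed width
and the sample seed value are constructed for this example.
"""
from itertools import islice
from typing import Dict, Iterator, List

SEED_BITS = 16            # constructed: 2**16 seeds is cheap to enumerate
MASK32 = 0xFFFFFFFF


def toy_prng(seed: int) -> Iterator[int]:
    """32-bit linear congruential generator (Numerical Recipes constants)
    yielding its top byte each step. A toy, not a CSPRNG: the only point
    is that every output byte is a deterministic function of the seed."""
    state = seed & MASK32
    while True:
        state = (1664525 * state + 1013904223) & MASK32
        yield state >> 24


def output(seed: int, n: int) -> bytes:
    """The first n output bytes produced from a given seed."""
    return bytes(islice(toy_prng(seed), n))


def matches(seed: int, observed: bytes) -> bool:
    """True if this seed reproduces the observed prefix (stops at first mismatch)."""
    gen = toy_prng(seed)
    return all(next(gen) == b for b in observed)


def candidate_seeds(observed: bytes, seed_bits: int = SEED_BITS) -> List[int]:
    """Exhaustive seed search: every seed in the 2**seed_bits space whose
    output starts with the observed bytes. The cost is 2**seed_bits trials
    no matter how good the generator's output statistics are; the seed
    width alone bounds the work."""
    return [s for s in range(1 << seed_bits) if matches(s, observed)]


def predictions_agree(candidates: List[int], skip: int, n: int) -> bool:
    """Whether every surviving candidate predicts the same n bytes following
    the `skip` bytes already seen: if so the attacker can forecast future
    output with certainty even before the seed itself is unique."""
    futures = {output(s, skip + n)[skip:] for s in candidates}
    return len(futures) == 1


def demo(true_seed: int = 0xBEEF) -> Dict[str, object]:
    """Observe eight bytes from a constructed seed and report how the
    candidate set shrinks as more of them are taken into account."""
    observed = output(true_seed, 8)
    survivors = candidate_seeds(observed)
    counts = {k: len(candidate_seeds(observed[:k])) for k in (1, 2, 4)}
    counts[8] = len(survivors)
    return {
        "candidate_counts_by_bytes_observed": counts,
        "true_seed_recovered": true_seed in survivors,
        "future_predictable": predictions_agree(survivors, skip=8, n=16),
    }


if __name__ == "__main__":
    print(demo())
```

With one observed byte, hundreds of the 65,536 seeds remain consistent; each additional byte cuts the set by roughly a factor of 256, which is the narrowing the text describes. The defensive reading is the same as the page's: a generator's seed width, not its output quality, caps the work of this search, so a key derived from a 32-bit seed is no stronger than that seed.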
LavaRnd does not suffer from the seed search attack problem because it is not a PRNG - LavaRnd has no seed. Even when attackers have an extensive amount of LavaRnd output, they still have no better than random chance to predict past or future output.