Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> My intuition is that this is dangerous and will likely result in security bugs in the future.

Dangerous in what way? If it's properly mixed into the pool, it shouldn't make the pool more predictable.



It can be dangerous in a lot of ways.

Is JitterEntropy actually a CSPRNG or just a PRNG?

Is it fork-safe?

Is VeraCrypt's implementation secure?


Sorry, I mixed up the comment thread in which I was responding. I thought you were replying to the comment mentioning Linux adding a jitter entropy source during early boot in an effort to mitigate the lack of other entropy at that stage.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: