Reputation: 1327
Do we need to seed a CSPRNG with a truly random number? Examples and documentation use truly random numbers, but no justification is given (that I can find).
If we were to seed one with a pseudorandom number, I don't see what the difference would be compared with a truly random seed. If someone finds either of the seeds, then the encryption fails anyway.
Upvotes: 2
Views: 499
Reputation: 1700
Essentially, determining the seed is sufficient to determine the entire output of a pseudorandom generator.
As a result, you want a seed that isn't predictable or determinable.
Pseudorandom output is (under some circumstances as described two paragraphs ago) determinable or predictable.
Beyond that, it is a trade-off. You've already decided to use pseudorandom numbers instead of real randomness, so it is probably an acceptable trade-off in your mind.
Upvotes: 0
Reputation: 33406
You are correct, but the idea is that it's easier to find a successive pseudorandom seed than it is to find a truly random seed. This is especially true if a lot of numbers are generated in succession really quickly (and if the seed ever changes, which it usually does).
Upvotes: 0
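Added example, not part of any post in this thread: an entropy audit showing why a 256-bit seed produced by another PRNG is only as unpredictable as that PRNG's own input. The SHA-256 counter-mode generator is a toy stand-in for a CSPRNG, and the function names, the timestamp and the search window are constructed assumptions.

```python
import hashlib
import os
import random

def stream(seed: bytes, nblocks: int) -> bytes:
    """Toy deterministic generator (illustration only): SHA-256 in counter mode."""
    return b"".join(
        hashlib.sha256(seed + i.to_bytes(8, "big")).digest() for i in range(nblocks)
    )

def seed_from_prng(timestamp: int) -> bytes:
    """Weak seeding: 256 bits that look random but are a pure function of a timestamp."""
    return random.Random(timestamp).getrandbits(256).to_bytes(32, "big")

def seed_from_os() -> bytes:
    """Recommended seeding: 256 bits from the operating system's entropy source."""
    return os.urandom(32)

def matching_timestamps(first_block: bytes, t_lo: int, t_hi: int) -> list:
    """Entropy audit: which timestamps in [t_lo, t_hi) reproduce the observed block?"""
    return [t for t in range(t_lo, t_hi)
            if stream(seed_from_prng(t), 1) == first_block]

# Constructed sample values: a seeding time and the window a reviewer would test.
T_SEEDED = 1_700_000_123
WINDOW = (1_700_000_000, 1_700_001_000)   # 1000 candidates, about 10 bits

def audit(seed: bytes) -> dict:
    """Return what an observer of the first 32 output bytes can reconstruct."""
    out = stream(seed, 4)
    hits = matching_timestamps(out[:32], *WINDOW)
    # If the seed was recovered, every later block follows from it.
    predicted = stream(seed_from_prng(hits[0]), 4) if hits else b""
    return {"hits": hits, "rest_predicted": predicted == out}

if __name__ == "__main__":
    print("PRNG-derived seed:", audit(seed_from_prng(T_SEEDED)))
    print("OS-derived seed:  ", audit(seed_from_os()))
```

The PRNG-derived seed has 256 bits of length but only as many bits of uncertainty as the window of plausible timestamps, so the audit reconstructs the whole stream; the OS-derived seed yields no match.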