[Haskell-cafe] Re: Password hashing
barsoap at web.de
Thu Oct 30 09:13:35 EDT 2008
Martijn van Steenbergen <martijn at van.steenbergen.nl> wrote:
> roger peppe wrote:
> > if you're prepared to expend a few cpu cycles, you can always
> > use something like the following "beating clocks" algorithm, which
> > should generate
> > at least some genuine randomness, as long as you've got preemptive
> > scheduling, and a few hardware interrupts around the place.
> I was taught that using the scheduler to generate randomness is a
> pretty bad idea, because randomness is actually a *very* strong
> property to demand from a stream of bits, and a scheduler doesn't
> offer any such guarantees.
The scheduler is as fine a chaotic system as your average cube
centimetre of air: Very, very little disturbances (like a keypress or a
network packet) can change the order of task switching drastically,
even more so if stuff runs with different priorities.
What it certainly (hopefully) won't guarantee is a random distribution
over a wide range, but what it will have is an infinite period as it's
based on external events. You can fix the distribution problem with a
secure hash of your choice.
(c) this sig last receiving data processing entity. Inspect headers
for copyright history. All rights reserved. Copying, hiring, renting,
performance and/or quoting of this signature prohibited.
More information about the Haskell-Cafe