With a PRNG the seed must be kept secret and non-reverse-engineerable. Isn't that a real disadvantage compared with a TRNG?


Once a seed is fed to a PRNG, it can be deleted. But you still have a point, because the state of an OS PRNG can be saved and restored, for example when the machine sleeps, and a hacker could potentially access this to reproduce generated bits. But whenever the entropy pool is seeded with new entropy, any previous state values become useless.


Exactly, you need to protect the state of the PRNG and you need to ensure that the seed isn't deterministic or easily reversed (time of day, 0, etc.). That includes recovery from events and timing seen by the hypervisor. And some cloud VMs don't have a non-deterministic entropy pool, or one safe from the hypervisor.
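The two points made in this thread, that a saved-and-restored PRNG state replays exactly the same output bits, and that mixing fresh entropy into the pool makes any earlier copy of the state useless, can be shown with a small model. The code below is an added illustration, not code from any commenter or from a real OS generator: `ToyPool` is a deliberately minimal hash-chained construction (SHA-256 as both mixer and output function) chosen only to make state handling visible; real kernel pools and CSPRNGs are considerably more involved.

```python
import hashlib
import os


class ToyPool:
    """Minimal hash-based PRNG used only to illustrate state snapshot,
    restore and reseeding. Not a substitute for a real CSPRNG."""

    def __init__(self, seed: bytes) -> None:
        # Domain-separated hash of the seed becomes the initial state;
        # the seed bytes themselves are not retained.
        self.state = hashlib.sha256(b"init" + seed).digest()

    def snapshot(self) -> bytes:
        # Models what a hibernation image or VM snapshot captures.
        return self.state

    def restore(self, state: bytes) -> None:
        self.state = state

    def reseed(self, entropy: bytes) -> None:
        # Mixing new entropy replaces the state; an attacker holding an
        # older snapshot no longer knows what the pool contains.
        self.state = hashlib.sha256(b"mix" + self.state + entropy).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            # Output and next state are derived separately so that output
            # bytes never equal the internal state.
            out += hashlib.sha256(b"out" + self.state).digest()
            self.state = hashlib.sha256(b"adv" + self.state).digest()
        return out[:n]


def restored_state_reproduces_output() -> bool:
    """A restored snapshot replays the exact bytes produced after it was taken."""
    pool = ToyPool(os.urandom(32))
    saved = pool.snapshot()
    first = pool.generate(32)
    pool.restore(saved)          # e.g. resume from a saved image
    return pool.generate(32) == first


def reseed_invalidates_saved_state() -> bool:
    """Once fresh entropy is mixed in, a copy of the old state predicts nothing."""
    pool = ToyPool(os.urandom(32))
    saved = pool.snapshot()
    pool.reseed(os.urandom(32))  # fresh entropy after the snapshot was taken
    real = pool.generate(32)
    replica = ToyPool(b"")
    replica.restore(saved)       # someone holding only the old snapshot
    return replica.generate(32) != real


def deterministic_given_state() -> bool:
    """Same seed, same state, same output: the pool itself is fully deterministic."""
    a = ToyPool(b"constructed fixed seed")
    b = ToyPool(b"constructed fixed seed")
    return a.generate(64) == b.generate(64)


if __name__ == "__main__":
    print("restored snapshot replays output:", restored_state_reproduces_output())
    print("reseed defeats old snapshot:     ", reseed_invalidates_saved_state())
    print("deterministic given state:       ", deterministic_given_state())
```

The defensive takeaway matches the thread: treat the generator state like key material (it is, in effect, the key for every future output), and make sure the pool is reseeded from a source the hypervisor or a restored image cannot replay before the generator is used again after sleep, hibernate or VM clone.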



