Hacker News

tptacek, today at 2:11 AM

The point of CSPRNG constructions is that there isn't a "budget bits" of seed. Again: this idea is pretty core to the design of the LRNG.

Neither of your constructions is secure.


Replies

Terr_, today at 2:29 AM

To paraphrase how I see things going so far, plus one:

1. tptacek: "It's hard to imagine how Cloudflare's lava-lamps could ever make the cryptography worse."

2. Terr_: "Well, technically it could make it worse, if 'hey look we're using a cool lava-lamp wall' comes at the expense of opportunities to insert higher-quality entropy from some other source."

3. tptacek: "It doesn't matter because they can just add it to everything else."

4. Terr_: "I didn't say adding, I said substituting."

5. tptacek: "A CSPRNG algorithm always lets you add more passes and bits. You don't have to make that choice."

6. Terr_: "But Cloudflare does have to make that choice because sensors and computers and CPU-cycles and budgets are all limited! Those constraints are the entire reason we're even using a CSPRNG in the first place."

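An added example (Python written for this page, not code from either commenter, from Cloudflare or from the Linux RNG) of the design point under dispute above: a hash-based entropy pool folds any number of sources into one fixed-size state, so an extra or low-quality source is mixed in alongside the others rather than displacing "budget bits" of seed, whereas a naive XOR combiner can be cancelled by a source that has seen the others. The `mix_sources`, `xor_combine` and `HashDRBG` names, and the "good" and "junk" sources, are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


def mix_sources(sources):
    """Fold any number of entropy sources into one 32-byte seed with SHA-256.

    Each input is length-prefixed before hashing so boundaries between
    sources are unambiguous (b"ab" + b"c" must not hash like b"a" + b"bc").
    The pool width does not grow with the number of inputs, so there is no
    fixed budget of seed bits that a new source has to displace.
    """
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def xor_combine(sources):
    """Naive alternative shown only for contrast: XOR all 32-byte sources.

    A source that has observed the others can submit their XOR and collapse
    the result to all zeros, a value anyone can predict.
    """
    out = bytearray(32)
    for s in sources:
        if len(s) != 32:
            raise ValueError("xor_combine expects 32-byte inputs")
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


class HashDRBG:
    """Toy HMAC-SHA256 generator seeded via mix_sources.

    Illustrative only; use the OS CSPRNG (os.urandom / secrets) in practice.
    """

    def __init__(self, *sources):
        self.state = mix_sources(sources)

    def reseed(self, *sources):
        # New sources are folded into the existing state, never substituted
        # for it: a zero-entropy reseed leaves the earlier entropy in place.
        self.state = mix_sources([self.state, *sources])

    def random_bytes(self, n):
        out = b""
        counter = 0
        while len(out) < n:
            out += hmac.new(self.state, counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            counter += 1
        # Ratchet the state so a later compromise does not expose past output.
        self.state = hmac.new(self.state, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def demo():
    good = secrets.token_bytes(32)  # a strong source, e.g. the OS pool
    junk = bytes(32)                # constructed zero-entropy source (all zeros)

    # Hash mixing: adding junk changes the seed but cannot cancel `good`;
    # an attacker who knows junk but not `good` still has to guess `good`.
    seed_good = mix_sources([good])
    seed_both = mix_sources([good, junk])
    assert seed_both != mix_sources([junk])

    # XOR mixing: a malicious source that has seen `good` submits `good`
    # itself and the combined seed collapses to a publicly known constant.
    assert xor_combine([good, good]) == bytes(32)

    drbg = HashDRBG(good, junk)
    drbg.reseed(junk)  # worthless reseed; the state stays as secret as before
    return seed_good, seed_both, drbg.random_bytes(16)


if __name__ == "__main__":
    print(demo())
```

The point the block makes concrete is that with a hash-based pool the question "does this source make things worse?" has a clean answer for a source that is merely low-quality: no, because every other input still has to be guessed to recover the state. What the thread is actually arguing about is the engineering trade-off of which sources get collected at all, which no mixing construction can settle.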