The cr.yp.to microblog: 2013.06.05 18:41:46

2013.06.05 18:41:46 (342320351776231425) from Daniel J. Bernstein, replying to "CodesInChaos (@CodesInChaos)" (341940477605576704):

http://eprint.iacr.org/2013/338 advertises "provable security" while sacrificing actual security. Don't use it. @CodesInChaos @matthew_d_green @veorq

Context

2013.06.04 15:48:12 (341914283057238017) from "Matthew Green (@matthew_d_green)":

The problem of re-seeding and recovering PRNG integrity after a 'state compromise' is an interesting one. http://eprint.iacr.org/2013/338 h/t @veorq

2013.06.04 17:32:17 (341940477605576704) from "CodesInChaos (@CodesInChaos)", replying to "Matthew Green (@matthew_d_green)" (341914283057238017):

@matthew_d_green @veorq Doesn't Fortuna solve this? IMO initial seeding is the bigger problem, since it's hard to figure out when to unblock