Is it recommendable to instantiate an OpenSSL or Crypto++ cryptographically secure random number generator, seed it once, and use it sequentially in multiple cryptographic operations like generating keys, encryption, signing etc.?

Will this be secure enough to handle multiple uses without compromising the security?

Is it considered a safe practice to use different PRNGs for each operation and seed them differently? Are there any nuances that should be considered?

SkypeMeSM
  • I say in cryptography the more unpredictability, the better. Therefore use one PRNG per operation, or probably use one value from old PRNG as additional noise in your next PRNG initialization. – Vesper Jul 22 '15 at 14:00
  • I agree. But I am also interested in knowing what people generally do as part of accepted practice. – SkypeMeSM Jul 22 '15 at 14:26
  • The more data is generated from a single PRNG the more likely it is that an attacker will be able to break it. Better to use multiple PRNGs so each has a smaller volume of output. – rossum Jul 22 '15 at 15:11
  • @rossum: a cryptographic PRNG is designed to avoid exactly that. You are supposed to use it over and over. – Jay Jul 22 '15 at 16:21
  • This might be better suited for [crypto.se] or [security.se] (preferred). – Artjom B. Jul 22 '15 at 16:51
  • Please take off of hold. This is a good question with definite right and wrong answers. If you think it's "opinion based", then you don't know enough about the subject. – Lee Daniel Crocker Jul 22 '15 at 21:55
  • I edited the question in an attempt to disgorge the reason for the close without changing the intentions of the question. There are some nuances here that need to be explained, and they are [OpenSSL|Crypto++] context specific. (I can't provide an answer when the question is Closed or On Hold). – jww Jul 23 '15 at 00:10
  • Need one more vote for reopen. To get some information on this question. Thanks. – SkypeMeSM Jul 23 '15 at 18:41

1 Answer

Stay with the same cryptographically secure PRNG. I know it seems to make more sense to change, but it is a big mistake to apply common sense when higher math is called for. Never "roll your own" crypto, or change the methods, or make any "improvements" no matter how much sense they seem to make. Stick with proven methods, tested algorithms, and open source code written by people with a good reputation.

Cryptographically secure PRNGs are very different from the standard PRNGs used for things like Monte Carlo simulation. They are specifically designed to be unpredictable even when a long sequence of values is taken. If you try to "improve" on that by switching, you are more likely to screw it up.

Also, good hardware true RNGs are cryptographically secure by their nature, so the best possible option if you have it is to use something like random.org.

The worst you could possibly do is change PRNGs every key. Now you're not getting a random sequence at all, but a sequence which is a hash function of your seeds, and only as good as your seeds and the seeding function of each PRNG.

Lee Daniel Crocker
  • That depends on how much new entropy there is available to feed the CSPRNG. If there is insufficient entropy to feed it, then it becomes a PRNG with good cryptographic properties. If you take megabytes of random data from a CSPRNG with only kilobytes of entropy going in, then those extra bytes have to come from somewhere. – rossum Jul 22 '15 at 16:55
  • Adding entropy multiple times is akin to reseeding the CSPRNG multiple times, which is same as using multiple CSPRNGs. – SkypeMeSM Jul 22 '15 at 17:32
  • Well, it's more complicated than both of you imply. Yes, seeding a CSPRNG with too little entropy weakens it, but I consider avoiding that part of what makes it "CS" in the first place. If the PRNG even allows you to do that, it's not really CS. Second, some CSPRNGs (like Yarrow) are specifically designed to add entropy while in use; others are not. I stick with my advice: pick a good one, follow its rules. – Lee Daniel Crocker Jul 22 '15 at 20:19
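
Added example, not part of the answer or comments above and not OpenSSL or Crypto++ code: it illustrates the answer's point that a fresh generator per key yields "a hash function of your seeds", by comparing one seeded-once instance with per-key instances. The `HmacDrbg` class is a simplified stand-in in the style of NIST SP 800-90A HMAC_DRBG, and the clock-based per-key seeds are a constructed assumption.

```python
import hashlib
import hmac
import os


def _h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class HmacDrbg:
    """Simplified generator in the style of NIST SP 800-90A HMAC_DRBG.
    Illustrative stand-in only; not OpenSSL's or Crypto++'s generator."""

    def __init__(self, seed: bytes):
        self.k, self.v = b"\x00" * 32, b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes = b"") -> None:
        self.k = _h(self.k, self.v + b"\x00" + data)
        self.v = _h(self.k, self.v)
        if data:
            self.k = _h(self.k, self.v + b"\x01" + data)
            self.v = _h(self.k, self.v)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = _h(self.k, self.v)
            out += self.v
        self._update()  # state moves forward after every request
        return out[:n]


def keys_from_one_generator(count: int, seed: bytes) -> list:
    """Seed once, then draw every key from the same instance."""
    drbg = HmacDrbg(seed)
    return [drbg.generate(16) for _ in range(count)]


def keys_from_fresh_generators(seeds: list) -> list:
    """New instance per key: each key is a fixed function of its seed."""
    return [HmacDrbg(s).generate(16) for s in seeds]


# Constructed sample: 12 operations, 4 per second, seeded from a 1-second clock.
CLOCK_SEEDS = [(1437573600 + i // 4).to_bytes(8, "big") for i in range(12)]

if __name__ == "__main__":
    shared = keys_from_one_generator(12, os.urandom(32))
    print(len(set(shared)), len(set(keys_from_fresh_generators(CLOCK_SEEDS))))
```

With per-key instances the number of distinct keys can never exceed the number of distinct seeds, so seed quality becomes the only thing protecting every key.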