Free chat girls easy ragister global dating agency singles singles personals romance lo
There are two important weaknesses to keep in mind.
The use of time for sending a random number generator is a violation of CWE-337.
The point I want to make here is that a seed is "secure" only if it is used in a context where it can remain secure, which more or less implies a cryptographically secure PRNG and some tamper-resistant storage.Even a remote attacker can obtain such information; this has been demonstrated (in lab conditions) on AES encryption (typical AES implementations use internal tables, with access patterns which depend on the key; the attacker forces cache misses and detects them through precise timing of responses of the server). The seed is secure as long as it remains unknown to the attacker; this property must hold true afterwards.In particular, it shall not be possible to recover the seed from excerpts of the subsequent PRNG output.every event comes with some data, and occurs at a measurable instant (modern processors have very accurate clocks, thanks to cycle counters).Those instants, and the event data contents, can be accumulated as entropy sources.