Bruce Momjian <maillist@candle.pha.pa.us> writes:
> Yes, that may be true. Not sure if having a single random() value can
> predict the next one. If we just use on random() return value, I don't
> think that is possible.
In typical rand() implementations, having the whole of one output value
is sufficient to give you all future outputs. That's why I recommended
using only 8 bits from each of several outputs. I believe that is still
breakable, but less trivially so. (I will be going on vacation
Wednesday morning and don't have time to research better methods before
then, but I do know they exist.)
The real question we need to ask here is not the details of generating
a one-time secret key, but what attacks we need to defend against and
how to do that. A simple secret code per my original proposal is clearly
not proof against a packet-sniffing attacker. Should we beef up the
coding, or consider that such an attacker must be met directly by
encrypting communications? If the latter, how do we encrypt the first
packet sent to or from the postmaster?
regards, tom lane
