Subject: Re: [boost] [uuid] Issue 9407: please merge fix
From: Antony Polukhin (antoshkka_at_[hidden])
Date: 2015-01-19 05:54:18
2015-01-17 19:31 GMT+04:00 Peter Dimov <lists_at_[hidden]>:
> Antony Polukhin wrote:
>> So mixing in some additional entropy seems reasonable.
> There is no guarantee that mixing in highly predictable, or constant,
> values using SHA1 improves the quality of the random numbers, or decreases
> their predictability. It is not at all impossible for such amateur
> improvements to actually decrease the quality of the original source.
> The only genuine entropy here is QueryPerformanceCounter, which is already
> incorporated into the output of CryptGenRandom.
> And in fact, the goal of the original code has never been to achieve
> crypto quality randomness, or even to approach the quality of
> CryptGenRandom. It's just for UUID generation, after all.
Agreed. But the initial goal of the pull request is just to avoid reads of
uninitialized memory. Original methods of gathering entropy (those that
possibly decrease quality) remain almost untouched, just CryptGenRandom is
added as a bonus.
-- Best regards, Antony Polukhin
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk