Skip to content

Should crypto RNGs implement serialization? #31

Description

@dhardy

In #13 (see here) @pitdicker expresses his reservations about CSPRNGs revealing their internal state easily via serialization. I point out that APIs can't provide memory protection anyway.

Anyone else have an opinion?

My thoughts:

  1. It's not that important for CSPRNGs to implement serialization, but there has been interest in at least simpler PRNGs having serialization, and uniformity is generally better
  2. The suggested alternative is not so easily or generally workable
  3. Presumably anyone who is able to serialize a CSPRNG could also get its state some other way (such as transmutation / reinterpret_cast), so lack of serialization isn't much in the way of security

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions