
I don't think that is what the article said. Where do you read that the machine uses the user's timing to seed the PRNG? It talks about timing the button presses but my understanding was that that was only used after the PRNG was cracked. The PRNG is cracked by measuring the timings of on-screen cues. These cues are essentially outputs from the PRNG. There is nothing that indicates the user's timing is used as a seed as far as I can tell.



I assume you understood that by timing I didn't mean seconds from 1970. Beyond that this seems to be getting into semantics territory on how we define 'seed'. To be clear, I agree with what you're saying about the PRNG flaw.

We can probably agree that a PRNG is a function that takes an input and produces an output. I guess you take issue with me calling this input the seed. My use is probably a simplification indeed, but I thought one that doesn't change any principles. Because the user's interaction timing is crucial, it seems pretty clear to me that the exploit is about influencing the input of the PRNG. We can call this input something else, e.g. internal state. Or we can call it the seed.


The seed of a PRNG is a pretty well defined thing.


Successful communication depends on participants understanding each other. You'll notice that the context of my comment was replying to a person who stated that they are not a programmer. Filling my post with unnecessarily precise lingo would work to undermine my goal, which is to convey a basic idea.



