Closed javenwang closed 5 years ago
Thanks for the tip
I did a little thinking about the necessity of re-seeding the random number generator.
From what I've read so far, re-seeding the PRNG is necessary because after observing a large number of generated values, an attacker will be able to predict future values. This crucial when you generate session ids, tokens etc.
I'll make a few statements which I assert they are true and I would like to get comments and counter arguments:
As long as the attacker cannot control future salt values, which you be catastrophic, everything is fairly safe.
Any thoughts?
This is not an issue but just for people who are using jargon2 with Vert.x
For now
SecureRandomSaltGenerator
used by jargon2 does notsetSeed()
periodically which is recommended.If you are using Vert.x, please notice:
So thanks for the flexibility of this great library, we can change the salt generator: