17 Dec 2003, 11:17 p.m.
I admit I'm guilty of being somewhat ignorant of how PGP implements randseed.bin. My experience with PGP indicates that it's pretty well-thought-out in general, so perhaps I'm repeating the obvious. One possibility is to treat part of the random seed as if it were your secret RSA key. Systems like PEM store the RSA key encrypted on disk someplace - you could also store an encrypted random seed which you decrypt when you retrieve the secret key, use to bootstrap your PRNG, and then replace with some output from the PRNG when you're done. That way, the seed is (by definition) hidden, and an attacker is going to have much more trouble attacking your PRNG by searching your random seed space.

mjr.
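The seed-file lifecycle mjr sketches (decrypt the stored seed with the passphrase-derived key, bootstrap the PRNG from it, then overwrite the file with fresh PRNG output before sealing it again), as an added example that is not part of the original post and not PGP's own randseed.bin handling. The HMAC-SHA256 counter-mode "cipher", the PBKDF2 key derivation and the toy HMAC generator are constructed stand-ins chosen so the example runs on the standard library alone; a real implementation would use an authenticated cipher and a standard DRBG, and mixing OS entropy into the bootstrap is an assumption beyond the post.

```python
import hashlib, hmac, os

def _keystream_xor(key, nonce, data):
    """Constructed stand-in for a real cipher: HMAC-SHA256 run in counter mode."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_key(passphrase, salt):
    """Key that protects the seed file, derived from the same passphrase as the secret key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def seal_seed(seed, key):
    """Encrypt-then-MAC the seed so it is hidden on disk and tampering is detected."""
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, seed)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_seed(blob, key):
    """Verify the MAC first; a wrong passphrase or a modified file is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("seed file tampered with or wrong passphrase")
    return _keystream_xor(key, nonce, ct)

class HmacPrng:
    """Toy HMAC-based generator (not a standard DRBG) bootstrapped from the seed."""
    def __init__(self, seed):
        self.state = hashlib.sha256(b"prng-init" + seed).digest()
        self.counter = 0

    def random_bytes(self, n):
        out = bytearray()
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.state, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        # Ratchet the state so earlier output cannot be recovered from a later state.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return bytes(out[:n])

def seed_cycle(blob, key):
    """One session: decrypt seed, bootstrap PRNG, replace the seed with fresh output, re-seal."""
    seed = open_seed(blob, key)
    prng = HmacPrng(seed + os.urandom(32))   # assumption: fold in OS entropy when available
    return prng, seal_seed(prng.random_bytes(32), key)
```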