|
|
|
|
|
|
by Grimburger
1397 days ago
|
|
|
State your use-case? "Strong" and "weak" is a sliding scale between indifference and tin-foil paranoia. Plenty of low-end embedded devices have questionable rng's but it's enough for them to make tls requests. In many modern cryptosystems keys are ephemeral, there's a relatively small window to exploit weak rng's knowing the full state of the system. Long-lived keys are a different story, especially those generated soon after booting. > Generating salt - no A salt can be an incrementing number that is publicly known, they are not required to be secret. Using email as a salt is perfectly fine and poses no risk. |
|
|