authorEdward Ned Harvey <edward.harvey@conceptblossom.com>2014-08-05 11:02:40 -0400
committerEdward Ned Harvey <edward.harvey@conceptblossom.com>2014-08-05 11:02:40 -0400
commit663cace258c429c13d980aec5c8f40db50ba580b (patch)
tree1135a0bb7ea9ac2c693372d52206028f8e0a2615 /crypto
parentCheck point against cofactor after decompression (diff)
use 32 bytes instead of 24 for seed material from ThreadedSeedGenerator
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/security/SecureRandom.cs6
1 files changed, 5 insertions, 1 deletions
diff --git a/crypto/src/security/SecureRandom.cs b/crypto/src/security/SecureRandom.cs
index ac9d98158..9fd7e9e65 100644
--- a/crypto/src/security/SecureRandom.cs
+++ b/crypto/src/security/SecureRandom.cs
@@ -26,8 +26,12 @@ namespace Org.BouncyCastle.Security
 					gen = new ReversedWindowGenerator(gen, 32);
 					SecureRandom sr = master[0] = new SecureRandom(gen);
 
+					// Even though Ticks has at most 8 or 14 bits of entropy, there's no harm in adding it.
 					sr.SetSeed(DateTime.Now.Ticks);
-					sr.SetSeed(new ThreadedSeedGenerator().GenerateSeed(24, true));
+                    
+					// 32 will be enough when ThreadedSeedGenerator is fixed.  Until then, ThreadedSeedGenerator returns low
+					// entropy, and this is not sufficient to be secure. http://www.bouncycastle.org/csharpdevmailarchive/msg00814.html
+					sr.SetSeed(new ThreadedSeedGenerator().GenerateSeed(32, true));
 					sr.GenerateSeed(1 + sr.Next(32));
 				}