I have an application where I generate a username & a password for each user.
Since these two are generated directly after each other, can an attacker know the password from the username?
I'm asking because the username & password are not actually random -- they're just 2 consecutive elements in the same PRNG sequence. So, what guarantees do we have about this sequence regarding knowing future or past elements by knowing some consecutive elements of it?
The question can be answered for crypto.getRandomValues() or pseudo-random generators. I.e., is there a requirement on a PRNG sequence of not being able to tell future elements even if you know some consecutive elements?
Example: How many consecutive elements of Math.random() do you need to know to be able to predict the next one? ... because its implementation is simpler, and if it's hard for it, it should be harder for crypto.getRandomValues().
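
An added example, not part of the original question: drawing both the username and the password from crypto.getRandomValues(), which is specified to return cryptographically strong random values, whereas the ECMAScript specification leaves the algorithm behind Math.random() implementation-defined. The function names, alphabets, prefix and lengths are assumptions chosen for illustration.

```javascript
// Added example: names, alphabets and lengths are illustrative assumptions.
// Use the Web Crypto global where present, else Node's webcrypto export.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Return `length` characters drawn uniformly from `alphabet`.
// Bytes >= limit are discarded (rejection sampling), because `byte % n`
// over the full 0..255 range would favour the first 256 % n characters.
function randomString(length, alphabet = ALPHABET) {
  const n = alphabet.length;
  if (!Number.isInteger(length) || length <= 0) {
    throw new RangeError('length must be a positive integer');
  }
  if (n < 2 || n > 256) throw new RangeError('alphabet must have 2..256 characters');
  const limit = 256 - (256 % n); // largest multiple of n that fits in a byte
  // getRandomValues() accepts at most 65536 bytes per call.
  const buf = new Uint8Array(Math.min(65536, Math.max(16, length * 2)));
  let out = '';
  while (out.length < length) {
    rng.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit) {
        out += alphabet[b % n];
        if (out.length === length) break;
      }
    }
  }
  return out;
}

// Both values come straight from the CSPRNG; neither is derived from the other.
function generateCredentials() {
  return {
    username: 'user-' + randomString(8, 'abcdefghijklmnopqrstuvwxyz0123456789'),
    password: randomString(20),
  };
}

// log2 of the number of possible strings: the guessing cost in bits.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```

With these assumed parameters the password carries about 119 bits of entropy, independent of the username that was generated just before it.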