Re: The Blum-Blum-Shub generator and a guessable seed

"Paul Rubin" <> wrote in message
"Joseph Ashwood" <ashwood@xxxxxxx> writes:
I was, fortunately this implementation doesn't actually require more
than a few kb of entropy per day, only on the server, and even then
it only needs to be attacker-apparent entropy.

If entropy is only needed on the server, then what does the cost of
100k pieces of hardware on the clients have to do with anything? Why
can't you use an external entropy source on the server, even if it
costs a few bucks?

An earlier designed spec'd hardware for clients, no longer the case, took me
3 months to design around it, but finally managed well enough.

I was using my situation as an example (actually an amazingly common
example) of where hardware simply doesn't work monetarily. I certainly won't
say that _every_ situation should be done this way, there are plenty of
situations where security can't be done without client hardware, and for
those adding a hardware TRNG makes sense. But the OP design, never makes
sense, at least not at the level proposed.