Home
Eruption - What is LavaRnd?
Obsidian - FAQ
Lava - Demos
Lavaologists - About us
Strata - New and old stuff
Magma - Download
Bedrock - Developers

How good is LavaRnd?

LavaRnd Quality: Impervious to seed search attacks

Pseudo-Random Number Generators (PRNGs) suffer from the problem that they are completely deterministic with respect to their seed. If attackers know the seed of a PRNG (and which PRNG algorithm is in use, which is rarely a secret), then they can predict ALL of the PRNG output with complete certainty.

A 2048 bit RSA public key whose primes were selected by a PRNG seeded with a 32 bit seed will not be any stronger than a simple 32 bit key: an attacker only has to repeat the key generation for each of the 2^32 possible seeds and stop when the result matches the published public key, at which point the private key is known too.

A PRNG with a 32 bit seed can, at most, produce 2^32 different output sequences. If attackers are given a sample of pseudo-random number output, they can iterate through every possible seed, run the PRNG from each one, and keep any seed that reproduces the sample. Only a few bytes of PRNG output are needed: with n bytes observed, the expected number of wrong seeds that happen to match is roughly 2^(32 - 8n), which is already below one once 4 bytes have been seen. Even when more than one seed turns up as a potential candidate, the attacker need only observe a little more pseudo-random output to narrow the search down to the correct seed. With this correct seed, the attacker is able to predict ALL of the PRNG output, past and future, with complete certainty, and 2^32 trials is well within reach of a single ordinary machine.
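The seed search described above, carried out against a real seeded PRNG, as an added example that is not part of the LavaRnd page or project. It attacks Python's random.Random (Mersenne Twister) seeded with a small integer; the only assumption is that the seed space is cut from 32 bits to SEED_BITS = 16 so the exhaustive loop finishes in about a second, since the 32 bit case is the identical loop run 2^32 times. The victim seed 0xBEEF and the 8 leaked bytes are a constructed scenario.

```python
"""
Seed-search attack against a seeded PRNG (added example, not LavaRnd code).

Target: Python's random.Random (Mersenne Twister) seeded with a small integer.
Assumption: the seed space is cut from 32 bits to SEED_BITS so the exhaustive
search finishes in about a second; the 32-bit case is the same loop run
2**32 times, hours on a single core, which is not a security barrier.
"""
import random

SEED_BITS = 16  # assumption: reduced from the page's 32 bits for demo runtime


def prng_output(seed: int, nbytes: int) -> bytes:
    """Deterministic output of the target PRNG for one seed: same seed, same bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def seed_search(observed: bytes, seed_bits: int = SEED_BITS) -> list[int]:
    """Brute force every possible seed; keep those whose output starts with `observed`.

    A short `observed` keeps the search cheap but may return a few false
    candidates (expected about 2**(seed_bits - 8 * len(observed)) of them).
    """
    n = len(observed)
    return [s for s in range(1 << seed_bits) if prng_output(s, n) == observed]


def narrow(candidates: list[int], observed: bytes) -> list[int]:
    """Re-check only the surviving candidates against a longer observed sample."""
    n = len(observed)
    return [s for s in candidates if prng_output(s, n) == observed]


def recover_seed(observed: bytes, seed_bits: int = SEED_BITS, prefix: int = 2):
    """Full attack: search the whole seed space on a short prefix, then use the
    rest of the observed output to discard false candidates. Returns the seed,
    or None if the sample was too short to single one out."""
    candidates = seed_search(observed[:prefix], seed_bits)
    candidates = narrow(candidates, observed)
    return candidates[0] if len(candidates) == 1 else None


def predict_future(seed: int, already_seen: int, nbytes: int) -> bytes:
    """Once the seed is known, every later byte is known too: re-run the PRNG,
    skip what the victim already emitted and read off what comes next."""
    rng = random.Random(seed)
    for _ in range(already_seen):
        rng.getrandbits(8)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


if __name__ == "__main__":
    # Constructed scenario: a victim seeds with 0xBEEF and leaks 8 output bytes.
    victim_seed = 0xBEEF
    leaked = prng_output(victim_seed, 8)
    found = recover_seed(leaked)
    print(f"leaked {leaked.hex()} -> recovered seed {found:#x}")
    print("victim's next 4 bytes:", predict_future(found, 8, 4).hex())
```

The two-stage structure is the point of the page's argument: the expensive pass over the whole seed space only compares two bytes, and the handful of seeds that survive are rejected or confirmed by the remaining six bytes at almost no cost. Raising SEED_BITS to 32 changes nothing except the running time of the first pass.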

LavaRnd does not suffer from the seed search attack problem because it is not a PRNG: LavaRnd has no seed, so there is no secret value an attacker could enumerate. Even when attackers have an extensive amount of LavaRnd output, they still have no better than random chance of predicting past or future output.

What is next?
