From Newsgroup: sci.crypt
Byrl Raze Buckbriar <news0@octade.net> wrote:
> MegaRand - build a large random entropy pool with no period,
> pattern, or bias.

I've analyzed your MegaRand code and must express serious concerns about
its cryptographic validity and the misleading claims.

The code primarily sources entropy from /dev/urandom (a PRNG), then
engages in extensive file system operations and data transformations
that provide no additional entropy. The complex directory structure
and multiple shuffling operations are computationally expensive but
cryptographically irrelevant - they cannot increase entropy beyond
the initial /dev/urandom seed.

Most concerning is the final step: encrypting the random pool using
a key derived from itself. This is cryptographically meaningless and
provides no security benefit. The ChaCha20 encryption of already-random
data with a key derived from that same data is equivalent to
applying multiple identity transformations.

As someone working with genuine entropy sources (atmospheric noise
capture for one-time pads), I must emphasize that true randomness
requires physical entropy sources, not elaborate transformations of
pseudorandom inputs.

This implementation appears to be security theater rather than
cryptographically sound design.

- Battosai
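
An added illustration, not part of the post above and not MegaRand's code, of the point that deterministic shuffling and self-keyed encryption cannot add entropy to a seed: with a toy seed small enough to enumerate, the number of reachable pools never exceeds the number of seeds. The pipeline, all names, the 10-bit seed, the 1024-byte pool and the SHA-256 counter-mode stand-in for ChaCha20 are assumptions made for the example.

```python
import hashlib
import random

SEED_BITS = 10     # constructed toy seed size, small enough to enumerate
POOL_BYTES = 1024  # constructed pool size (8192 bits)

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for ChaCha20 (not in the stdlib)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def build_pool(seed: int) -> bytes:
    """Hypothetical pipeline: expand the seed, shuffle, then self-keyed encrypt."""
    pool = bytearray(keystream(b"expand" + seed.to_bytes(2, "big"), POOL_BYTES))
    random.Random(bytes(pool[:32])).shuffle(pool)   # shuffle driven by the pool
    key = hashlib.sha256(pool).digest()             # key derived from the pool
    return bytes(a ^ b for a, b in zip(pool, keystream(key, POOL_BYTES)))

def distinct_pools() -> int:
    """Count the different pools reachable across every possible seed."""
    return len({build_pool(seed) for seed in range(2 ** SEED_BITS)})

def seed_for(pool: bytes):
    """Every step is deterministic, so the seed space indexes every pool."""
    for seed in range(2 ** SEED_BITS):
        if build_pool(seed) == pool:
            return seed
    return None

if __name__ == "__main__":
    n = distinct_pools()
    print(f"pool size: {POOL_BYTES * 8} bits")
    print(f"reachable pools: {n} (at most 2^{SEED_BITS})")
    print(f"seed matching build_pool(777): {seed_for(build_pool(777))}")
```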