authorPieter Wuille <[email protected]>2019-01-13 10:51:17 -0800
committerPieter Wuille <[email protected]>2019-01-16 16:35:54 -0800
commit223de8d94d6522f795ec3c2e7db27469f24aa68c (patch)
tree60448895cf16e6ea5fef6dba41253bcc06208a9a /src/random.cpp
parentUse secure allocator for RNG state (diff)
Document RNG design in random.h
Diffstat (limited to 'src/random.cpp')
-rw-r--r--src/random.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/random.cpp b/src/random.cpp
index 4cd6c9ddc..3b7f7910b 100644
--- a/src/random.cpp
+++ b/src/random.cpp
@@ -282,6 +282,14 @@ namespace {
class RNGState {
Mutex m_mutex;
+ /* The RNG state consists of 256 bits of entropy, taken from the output of
+ * one operation's SHA512 output, and fed as input to the next one.
+ * Carrying 256 bits of entropy should be sufficient to guarantee
+ * unpredictability as long as any entropy source was ever unpredictable
+ * to an attacker. To protect against situations where an attacker might
+ * observe the RNG's state, fresh entropy is always mixed when
+ * GetStrongRandBytes is called.
+ */
unsigned char m_state[32] GUARDED_BY(m_mutex) = {0};
uint64_t m_counter GUARDED_BY(m_mutex) = 0;
bool m_strongly_seeded GUARDED_BY(m_mutex) = false;