> There are also people asserting that it's important for RNGs to provide "prediction resistance" against attackers who, once upon a time, saw the entire RNG state.
At this point we regularly have microarchitectural side-channels that can (with varying speed and reliability) leak kernel memory. It's easy to say "if someone can read kernel memory it's game over", but imho it's better to harden against state compromise than to not.
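To make the "prediction resistance" property concrete, here is an added example (not code from the commenter or from any real kernel RNG) of a deliberately simplified hash-ratchet generator with a reseed operation. It simulates an attacker who once copied the full generator state: without a reseed they reproduce every later output, and after a reseed with entropy they never saw, their predictions stop matching. The `ToyDRBG` class, its domain-separation labels and the seeds are all constructed for this illustration and are not a NIST DRBG.

```python
import hashlib
import os


class ToyDRBG:
    """Simplified hash-based generator (constructed for illustration; not a NIST DRBG).

    The key is ratcheted after every output block, and reseed() folds fresh
    entropy into the key. The attacker model below assumes the attacker copied
    the key at one point in time but sees no later entropy input.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"seed|" + seed).digest()

    def generate(self, n_blocks: int = 1) -> bytes:
        out = b""
        for _ in range(n_blocks):
            out += hashlib.sha256(b"out|" + self.key).digest()
            # Ratchet: the next key is a one-way function of the current one.
            self.key = hashlib.sha256(b"next|" + self.key).digest()
        return out

    def reseed(self, fresh_entropy: bytes) -> None:
        # Mix new entropy into the state; an attacker holding an old snapshot
        # cannot follow this step unless they also know fresh_entropy.
        self.key = hashlib.sha256(b"reseed|" + self.key + fresh_entropy).digest()

    def snapshot(self) -> bytes:
        """Models the state leak (e.g. kernel memory read via a side channel)."""
        return self.key


def simulate_state_compromise(reseed_before_third_output: bool) -> list:
    """Return, per output block, whether the attacker predicted it correctly.

    The attacker copies the state once, then runs their own generator instance
    forward from that snapshot while the victim keeps producing outputs.
    """
    victim = ToyDRBG(b"constructed initial seed")
    victim.generate()  # some output before the compromise happens

    # State compromise: attacker now holds an exact copy of the key.
    attacker = ToyDRBG(b"irrelevant, overwritten below")
    attacker.key = victim.snapshot()

    victim_outputs = [victim.generate(), victim.generate()]
    if reseed_before_third_output:
        # Fresh entropy the attacker never observes.
        victim.reseed(os.urandom(32))
    victim_outputs.append(victim.generate())

    attacker_guesses = [attacker.generate() for _ in range(3)]
    return [v == g for v, g in zip(victim_outputs, attacker_guesses)]


if __name__ == "__main__":
    print("no reseed after compromise:", simulate_state_compromise(False))
    print("reseed before 3rd output:  ", simulate_state_compromise(True))
```

Without a reseed the ratchet alone gives backtracking resistance (old keys are not recoverable from new ones) but no prediction resistance: the attacker who holds the state reproduces every future block. The reseed is what breaks the prediction, which is the hardening the comment argues for; how often a real kernel RNG reseeds, and from what sources, is the design decision that determines how long a leaked state stays useful.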