security and seeding of RNG that generated K1

[Imported from Trac: page NewCaps/WhatCouldGoWrong, version 15]

NewCaps/WhatCouldGoWrong.md

@@ -7,7 +7,7 @@ This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: <h
 |2|unauthorized read|attack the encryption of *K1* with *R*|anyone|any one file|the security of the encryption scheme used for *K1*, and the secrecy of the read-key *R*|2^*n*^|
 |3|forgery of immutable file|generate a matching read-cap (*R*,*T*) for someone else's file|anyone|any one file|the hash function's and cap format's second-pre-image resistance on (*R*,*T*). This also depends on the encryption of *K1* being deterministic and correct.|2^*n*+*t*^|
 |4|roadblock or speedbump [2]footnote|generate (*K1enc*,*Dhash*,*V*) that hash to someone else's *T*, and copy their *S*|anyone|any one file|the hash function's and cap format's collision resistance on *T*|2^*t*^|
-|5|unauthorized read|attack the encryption of the plaintext with *K1*|anyone|any one file|the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key *K1*|2^*k*^|
+|5|unauthorized read|attack the encryption of the plaintext with *K1*|anyone|any one file|the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key *K1*. The latter also depends on the security and seeding of the RNG that generated it.|2^*k*^|
 |6|unauthorized read|figure out the input to the hash function that generates *S*|anyone|any one file|the hash function's pre-image resistance on *S*|brute force on *R* is !#2|
 |7|unauthorized deletion|brute force KD|anyone|any one file|secrecy of *KD*|2^*d*^|
 |8|unauthorized deletion|figure out the destroy key KD from Dhash|anyone|any one file|the hash function's pre-image resistance on *Dhash*|2^min(*d*,*dh*)^|