Quote (VPN @ Oct 1 2013 04:53am)
i was assuming C++ / Coding a Linear Congruential - and both systems in my vacuum would pull the same closed source generated bits.
If every steps afftecting entropy were taken in the exact order, by identical machines, assuming no external sources of entropy are involved both machines would yield the same result. That's the basic principle behind stream cyphers. The password is essentially the source of entropy which is used to create a stream of pseudo random bytes against which the secret is XOR'ed.
Now assuming your source of entropy is simply the system clock, let's say Windows' GetTickCount(), then you need both machines have similar CPUs (and most likely northbridge as well) and also similar install since you need the system to start its clock within the same OS time quantum, and perform the exact same operations on both computers so as to achieve identical behavior from both thread scheduler (that means same mouse moving and keystrokes and all). That's the amount of conditions you'd have to clear to achieve identical entropy, and thus predict PRNG results. And I think time based entropy source are the weakest out there.
Now try to achieve this with kernel pulled entropy and you're in for a treat. Everything has to be identical, every single action has to be performed within the same time quantum. Theoretically possible though. If you add an external source of entropy, like pulling entropy from 3rd party in an atomic and incremental fashion, such that the same entropy cannot be pulled twice, nor can it be pulled at the same time, then all bets are off. You'd have to find a point in time where entropies converge, or create the situation by exploiting implementation holes, and that doesn't even guarantee they won't diverge again, since the proper practice is to pull entropy for every independent crypto routine, i.e. you should reset your state before building a new private key or random constant for an EC message signature