Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:11 ADT
bram (bram@gawth.com)
Tue, 7 Jul 1998 13:48:50 -0700 (PDT)
On Tue, 7 Jul 1998, Perry E. Metzger wrote:
> My big question is this: are there tools for taking a set of random
> numbers dispersed according to a non-uniform distribution, like a
> poisson or normal distribution, and turning them into a set of random
> numbers over a uniform distribution? Given such tools, timing
> intervals between the geiger counter ticks is probably safe --
> otherwise, it may skew the results subtly.
Apparently, there's been amazingly little research on the topic.
The basic idea is you take all input and turn it into a stream of bits,
then estimate (conservatively) how many bits there are in it (not
necessarily an integer, successive hits is just a crude way of guessing
1/3) and feed the stream and entropy count into a PRNG. What's a PRNG?
That question is answered in
http://www.counterpane.com/pseudorandom_number.html
It goes over several known PRNG techniques. Most of them are lame,
apparently all are ad hoc. It also gives analyses of several techniques,
although the authors miss a better attack on RSAREF (a malicious attacker
can send more than one input at a time.)
I was just wondering about this sort of problem when I came across that
paper, and am really surprised at how little seems to have been done on
the subject. I think I've figured out a pretty good way of using secure
hashes to make a PRNG, but haven't written it up yet.
-Bram
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:11 ADT