Re: One real life secure random generator

bram (bram@gawth.com)
Sun, 12 Jul 1998 23:02:27 -0700 (PDT)

• Next message: bram: "Re: What is entropy?"
• Previous message: Cicero: "Re: What is entropy?"
• In reply to: Carl Ellison: "Re: What is entropy?"
• Next in thread: Bill Frantz: "Re: One real life secure random generator"
• Reply: Bill Frantz: "Re: One real life secure random generator"

On Sun, 12 Jul 1998, Lewis McCarthy wrote:

> Bill Frantz wrote:
> >>> When we generate a random number, we compute enough MD5(entire pool || 8
> >>> byte sequence counter) to meet fill the requested size. The 8 byte
> >>> sequence counter is incremented for each new calculation.
>
> Bram writes:
> > Unfortunately that can result in hashing a large number of similar
> > bitstrings, making those available is an attack most hash functions aren't
> > really meant to withstand.
>
> Pardon? I assume we are discussing cryptographic hash functions whose
> designs are public. An attacker can certainly choose a large set of inputs,
> hash them all, and examine the resulting hash values. In what sense is this
> "an attack most hash functions aren't really meant to withstand"?

Hash functions are designed to make it difficult, given a hash, to find
something which hashes to that value. They are not designed to make ti
difficult to, given a whole slew of hashes of things which only vary by a
few bytes, find the bytes in common. Xoring with a sequence counter only
changes the last few bytes. I don't know of any actual results breaking
hashes in this way, but it could expose problems which proper use of the
hashes wouldn't.

-Bram

• Next message: bram: "Re: What is entropy?"
• Previous message: Cicero: "Re: What is entropy?"
• In reply to: Carl Ellison: "Re: What is entropy?"
• Next in thread: Bill Frantz: "Re: One real life secure random generator"
• Reply: Bill Frantz: "Re: One real life secure random generator"