Re: One real life secure random generator


bram (bram@gawth.com)
Tue, 14 Jul 1998 21:38:50 -0700 (PDT)


On Tue, 14 Jul 1998, David Wagner wrote:

> it would be better to prevent iterative-guessing attacks. The
> typical countermeasure is to save up a number of entropy samples,
> and only mix them into the pool once their combined entropy exceeds
> some threshold (perhaps 64--160 bits, according to taste).

Fortunately, the way most hashes work it's possible to compute the hash of
the concatenation of a whole bunch of separate bitstrings without having
to keep them all in memory till the end.

I earlier suggested using a separate PRNG to pool data, which given the
above insight is completely unnecessary.

-Bram

(who never rewrites posts three times because the first couple things he
wrote were either wrong or embarrassingly stupid.)
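As an added illustration (not part of the thread, and not code by Bram or Wagner), a Python sketch of the accumulator described above: each sample is streamed into a hashlib context as it arrives, so nothing is buffered, and the batch digest is folded into the pool only once the caller's entropy estimates add up to the threshold. The 128-bit default threshold, the length-prefix framing and the pool update rule `pool = H(pool || H(batch))` are assumptions of this example.

```python
import hashlib


class EntropyAccumulator:
    """Streams entropy samples into a running hash and mixes the digest
    into the pool only when the estimated entropy reaches a threshold.

    Hypothetical design for this example, not the thread's own code.
    """

    def __init__(self, threshold_bits=128, hash_name="sha256"):
        self.threshold_bits = threshold_bits
        self.hash_name = hash_name
        # Pool state starts as an all-zero digest-sized block (constructed).
        self.pool = bytes(hashlib.new(hash_name).digest_size)
        self._ctx = hashlib.new(hash_name)   # running hash of the batch
        self._bits = 0.0                     # entropy credited to the batch
        self.count = 0                       # samples in the current batch

    def add_sample(self, sample: bytes, est_bits: float) -> bool:
        """Feed one sample; return True if the batch was folded into the pool.

        Only the hash context is kept, never the samples themselves.
        """
        # Length-prefix each sample so H(a || b) cannot be confused with
        # H(a' || b') for a different split of the same concatenation.
        self._ctx.update(len(sample).to_bytes(4, "big"))
        self._ctx.update(sample)
        self._bits += est_bits
        self.count += 1
        if self._bits >= self.threshold_bits:
            self._reseed()
            return True
        return False

    def pending_bits(self) -> float:
        """Entropy credited so far to the batch that has not yet been mixed in."""
        return self._bits

    def _reseed(self):
        # Mix the whole batch into the pool in one step, so an attacker who
        # knows the old pool must guess the entire batch at once rather than
        # one sample at a time.
        batch = self._ctx.digest()
        self.pool = hashlib.new(self.hash_name, self.pool + batch).digest()
        self._ctx = hashlib.new(self.hash_name)
        self._bits = 0.0
        self.count = 0
```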



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:24 ADT