Re: Random Data from Geiger Counter


Mike Rosing (eresrch@msn.fullfeed.com)
Thu, 16 Jul 1998 16:20:18 -0500 (CDT)


On Thu, 16 Jul 1998, bram wrote:

> None of us are arguing against having RNG's around, just discussing what
> to do with their output. Relying on the raw output of an RNG for
> cryptographic purposes would be an exceedingly risky proposition.

I guess I can measure the risk. At least there's a limit, and every
application will have to determine if it's within the limit or not.

> I wonder if designing an RNG with the idea that its output would go
> through cryptographic processing would be easier than designing one
> normally - you could just take biases into account when figuring out how
> much entropy the thing is producing, and not bend over backwards trying to
> stamp them out completely.

The entropy should be 1 bit per RNG per unit time. If something goes
wrong you'll get less than that (you'll never take more than that). I
definitely agree that cryptographic processing is a good idea in the real
world, you want to make the task of finding problems in the RNG difficult.
The attacker can duplicate the RNG and study it to death, so the
additional processing means they have to find a mapping from the RNG
modifications thru the hash. With a good hash, that's near impossible.

Patience, persistence, truth,
Dr. mike
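
An added example, not part of the original message: one way to account for a measured bias when sizing the input to the hash, as discussed above. It assumes the raw bits are independent, uses SHA-256 as the hash, and all function names and the simulated biased source are hypothetical and constructed for illustration.

```python
import hashlib
import math
import random

def estimate_p_max(bits):
    """Frequency of the more common symbol in a sample of raw bits."""
    ones = sum(bits)
    return max(ones, len(bits) - ones) / len(bits)

def min_entropy_per_bit(p_max):
    """Min-entropy per raw bit, assuming independent bits (1.0 when unbiased)."""
    return -math.log2(p_max)

def raw_bits_needed(out_bits, p_max):
    """Raw bits to collect so the hash input holds out_bits of min-entropy."""
    h = min_entropy_per_bit(p_max)
    if h <= 0:
        raise ValueError("source is stuck: no entropy per bit")
    return math.ceil(out_bits / h)

def condition(bits, p_max):
    """Hash raw bits to a 256-bit value; refuse if too little was collected."""
    if len(bits) < raw_bits_needed(256, p_max):
        raise ValueError("not enough raw entropy collected")
    # Pack the 0/1 list into bytes, keeping leading zero bits.
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).digest()

def constructed_biased_source(n, p_one=0.75, seed=1998):
    """Constructed stand-in for a faulty detector: emits 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

if __name__ == "__main__":
    sample = constructed_biased_source(20000)
    p_max = estimate_p_max(sample)
    need = raw_bits_needed(256, p_max)
    print(f"p_max={p_max:.3f} H_min={min_entropy_per_bit(p_max):.3f} need={need} raw bits")
    print(condition(sample[:need], p_max).hex())
```

With an unbiased source the raw-bit count equals the output size; as the bias grows, more raw bits are required per hashed output, and a stuck source is rejected outright.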



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:28 ADT