RE: Strong PRNG recommendations?


Bob Baldwin (baldwin@rsa.com)
Mon, 20 Jul 1998 11:30:17 -0700


        There are two types of PRNG that have been
used widely for cryptographic properties. They
involve either encrypting or digesting the state
of a non-cryptographic sequence generator. The
simplest is:
        Let Y[j] be the jth output block.
        Let S[j] be the state that generated Y[j].
        Y[j] = F(S[j]) ; S[j+1] = G(S[j])

For encryption based PRNG, there is also a secret
key that is part of the state, and the key might
be changed every so many blocks. The second form
below is an attempt to hide the permutation nature
of the encryption function.
        F(x) = Encrypt (Key, x), or
        F(x) = Encrypt (Key, x) + x

For digest based PRNG, the digests are well accepted
functions like SHA1, RIPEMD, or MD5.
        F(x) = Digest(x)

The update function, G, can be a simple counter, or
a linear feedback shift register (LFSR), or a linear congruential
generator (LCG). The goal is to get a guaranteed minimum
cycle length. The LFSR and LCG have the advantage that the
least significant bit of the S[i] sequence is not predictable
and thus the Y[i] cannot be divided into two groups, one
with the LSB set and one with it not set.

                --Bob Baldwin

> -----Original Message-----
> From: Adam Shostack [SMTP:adam@homeport.org]
> Sent: Monday, July 20, 1998 7:21 AM
> To: gibreel@pobox.com
> Cc: CodherPlunks@toad.com
> Subject: Re: Strong PRNG recommendations?
>
> Stephen Zander wrote:
> |
> | Does anyone have any recommendations for a cryptographically strong
> | PRNG routine? It needs to be available as source (obviously) & under
> | LGPL/GPL or similar licence.
>
> Yarrow hasn't been heavily reviewed yet, but it's the result of good
> analysis work. On counterpane.com
>
> Adam
>
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
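The digest-based construction Bob describes above (Y[j] = F(S[j]), S[j+1] = G(S[j]) with F = SHA-1 and G either a counter or an LFSR), written out as an added example that is not part of the original thread. The 16-bit LFSR taps, the optional key folded into the digest, and the seed values are this example's own assumptions; the encryption-based variant is the same loop with F replaced by a block cipher call and is not shown.

```python
import hashlib

# Constructed example of the digest-based PRNG from the post:
#   Y[j] = F(S[j]) ; S[j+1] = G(S[j])
# F is SHA-1 over the state; G is a counter or a 16-bit Fibonacci LFSR.

LFSR_BITS = 16
LFSR_MASK = (1 << LFSR_BITS) - 1
# Taps 16,14,13,11 (x^16 + x^14 + x^13 + x^11 + 1) give a maximal-length
# LFSR: every non-zero 16-bit state lies on one cycle of 2^16 - 1 states.


def g_lfsr(s):
    """One step of the Fibonacci LFSR; the state must be non-zero."""
    bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
    return ((s >> 1) | (bit << (LFSR_BITS - 1))) & LFSR_MASK


def g_counter(s):
    """Simple counter update, wrapping in 16 bits (cycle length 2^16)."""
    return (s + 1) & LFSR_MASK


def f_digest(s, key=b""):
    """F(x) = Digest(x): hash the state into one 20-byte output block.
    Prefixing a secret key is an assumption of this example, not the post."""
    return hashlib.sha1(key + s.to_bytes(2, "big")).digest()


def prng_blocks(seed, n, g=g_lfsr, f=f_digest):
    """Return output blocks Y[0..n-1] for S[0] = seed, S[j+1] = G(S[j])."""
    out, s = [], seed & LFSR_MASK
    for _ in range(n):
        out.append(f(s))  # Y[j] = F(S[j])
        s = g(s)          # S[j+1] = G(S[j])
    return out


def cycle_length(seed, g):
    """Steps until the state returns to seed: the cycle length G guarantees
    (the output sequence can repeat no later than this)."""
    s, n = g(seed), 1
    while s != seed:
        s, n = g(s), n + 1
    return n


def state_lsbs(seed, g, n):
    """Least significant bits of S[0..n-1]; for a counter they alternate,
    which is the weakness the post's LFSR/LCG remark is about."""
    bits, s = [], seed & LFSR_MASK
    for _ in range(n):
        bits.append(s & 1)
        s = g(s)
    return bits
```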



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:40 ADT