1993-10-06 - Re: Need Suggestions for Random Numbers

Header Data

From: "Perry E. Metzger" <pmetzger@lehman.com>
To: cypherpunks@toad.com
Message Hash: c0e3f88442f035688831ce6e3a1e05efd750ce645ca76c4feff23d65d062cca0
Message ID: <9310061317.AA16857@snark.lehman.com>
Reply To: <IggWg0W00Vp=NOUEhj@andrew.cmu.edu>
UTC Datetime: 1993-10-06 13:19:15 UTC
Raw Date: Wed, 6 Oct 93 06:19:15 PDT

Raw message

From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Wed, 6 Oct 93 06:19:15 PDT
To: cypherpunks@toad.com
Subject: Re: Need Suggestions for Random Numbers
In-Reply-To: <IggWg0W00Vp=NOUEhj@andrew.cmu.edu>
Message-ID: <9310061317.AA16857@snark.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain



Matthew J Ghio says:
> What PRNGs would you suggest using?

Don't use PRNGs for one time pads. To quote Don Knuth, anyone using
software methods to generate random numbers "is living in a state of
sin."

One time pads require REAL random numbers. If you are willing to, say,
use DES to generate your random numbers, you might as well encrypt
with DES instead of pretending that you have random numbers.

If you want a one time pad, do the logical thing -- go out and buy or
build a hardware random number generator. Don't pretend that if you
only make things "complicated enough" your numbers will be effectively
random, because they won't. See Knuth's huge section on random numbers
in "The Art of Computer Programming" for a demonstration of how a
really obscenely complex algorithm can yield bad numbers.

Perry
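
Added illustration, not part of the message above: a "pad" stretched from a seeded generator has only as many unknown bits as the seed, so a few known plaintext bytes leave almost no readings of the ciphertext, while a truly random pad explains every same-length guess equally well. The toy LCG (a stand-in for whatever generator is used), the 16-bit seed size, the seed and the message are all constructed assumptions.

```python
# Added example: generator, seed size, seed and message are constructed.
SEED_BITS = 16          # assumption: toy seed size so the search finishes quickly
SECRET_SEED = 0xBEEF    # constructed
MESSAGE = b"MEET AT THE USUAL PLACE AT NOON"  # constructed

def prng_pad(seed, length):
    """Keystream from a 32-bit LCG (Numerical Recipes constants), top byte per step."""
    state, out = seed & 0xFFFFFFFF, bytearray()
    for _ in range(length):
        state = (1664525 * state + 1013904223) & 0xFFFFFFFF
        out.append(state >> 24)
    return bytes(out)

def xor(a, b):
    # zip() stops at the shorter input, so a short crib only touches the prefix
    return bytes(x ^ y for x, y in zip(a, b))

def consistent_seeds(ciphertext, known_prefix):
    """Every seed whose pad turns the start of the ciphertext into known_prefix."""
    want = xor(ciphertext, known_prefix)
    return [s for s in range(1 << SEED_BITS) if prng_pad(s, len(want)) == want]

def readings(ciphertext, known_prefix):
    """Plaintexts that remain possible once the prefix is known."""
    return [xor(ciphertext, prng_pad(s, len(ciphertext)))
            for s in consistent_seeds(ciphertext, known_prefix)]

def explaining_pad(ciphertext, guess):
    """With a truly random pad, any same-length guess is explained by some pad."""
    if len(guess) != len(ciphertext):
        raise ValueError("guess must match ciphertext length")
    return xor(ciphertext, guess)

if __name__ == "__main__":
    import secrets
    ct = xor(MESSAGE, prng_pad(SECRET_SEED, len(MESSAGE)))
    print(len(MESSAGE) * 8, "pad bits, but only", SEED_BITS, "bits of key")
    print("readings left after an 8-byte crib:", readings(ct, b"MEET AT "))
    # Same message under a pad from the OS entropy source: a decoy fits as well
    real_ct = xor(MESSAGE, secrets.token_bytes(len(MESSAGE)))
    decoy = MESSAGE.replace(b"NOON", b"DAWN")
    print("pad exists for decoy:", xor(real_ct, explaining_pad(real_ct, decoy)) == decoy)
```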
