From: smb@research.att.com
Date: Mon, 2 May 94 10:34:51 PDT
To: perry@imsi.com
Subject: Re: Random #'s via serial port dongle?
Message-ID: <9405021734.AA27060@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 
	 Timothy C. May says:
	 > I don't think generating random numbers is all that much of a
	 > priority. The Blum-Blum-Shub C code is available, and I defy anyone 
	to
	 > break _that_ PRNG!

	 Its partially a question of speed. Many applications, like one time
	 pads, are just too slow to generate random strings for given normal
	 techniques. Its partially a question of automation -- I'd like to be
	 able to generate public/private key pairs on a regular basis and its
	 hard to do given all the goddamn typing. Its partially a question of
	 abstract hacker satisfaction -- one would like to know that one's
	 numbers are RANDOM.

That isn't a matter of ``abstract hacker satisfaction''.  That's a very
strong security requirement:  how do you *know* that your keys are
random?

Tim May suggested using Blum-Blum-Shub.  Fine -- but how are you going
to seed it?  That's why I want real random numbers -- as a seed to
Blum-Blum-Shub or quintuple IDEA or MD5 composed with SHS' or whatever.
I probably wouldn't use the random numbers in raw form, though -- and
no one else does, either; the real random number generators I've seen
all incorporate some sort of scrambling function.