1994-04-17 - rng, anyone?

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 6bdeb8b03edae7b59ea69d611c2d526b90fd3e37a465f804207289ec6daad5ca
Message ID: <9404170405.AA28846@ah.com>
Reply To: <9404150549.AA12690@anchor.ho.att.com>
UTC Datetime: 1994-04-17 04:13:56 UTC
Raw Date: Sat, 16 Apr 94 21:13:56 PDT

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Sat, 16 Apr 94 21:13:56 PDT
To: cypherpunks@toad.com
Subject: rng, anyone?
In-Reply-To: <9404150549.AA12690@anchor.ho.att.com>
Message-ID: <9404170405.AA28846@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


Re: PGP simulators

>While Blum-Blum-Shub is probably the cool way to go,
>RSAREF uses repeated iterations of MD5 to generate its pseudo-randoms,
>which can be reasonably secure and use code you've probably already got
>hooks from perl for.

There is a problem with generating random numbers by repeated
iterations of a hash function when these numbers will be used to
simulate an encrypted message body.  The body can be seen to be
generated by the algorithm.  All you do is to apply MD5 to the first
block and see if it's equal to the second block.  This completely
identifies the message as a hash-chain generation, and thus as a fake
message.

Indistinguishability is a harder criterion to simulate than other
notions of randomness.

Eric
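The distinguisher Eric describes, as an added example that is not part of his message: a naive MD5 hash-chain generator, the check that MD5 of one block equals the next (generalised here from the first pair to every consecutive pair), and an assumed keyed-counter variant in which each block is MD5(secret || counter) so that no block can be recomputed from another without the secret. The function names and the keyed variant are this example's own, not RSAREF's or PGP's.

```python
import hashlib

BLOCK = hashlib.md5().digest_size  # 16 bytes per output block


def hash_chain_stream(seed, nblocks):
    """Naive generator as the post describes it:
    block[0] = MD5(seed), block[i+1] = MD5(block[i]).
    Every block is the pre-image of the next, which is the flaw."""
    out = []
    cur = hashlib.md5(seed).digest()
    for _ in range(nblocks):
        out.append(cur)
        cur = hashlib.md5(cur).digest()
    return b"".join(out)


def keyed_counter_stream(secret, nblocks):
    """Assumed fix (this example's own, not from the post):
    block[i] = MD5(secret || i).  An observer without the secret
    cannot derive any block from the one before it."""
    return b"".join(
        hashlib.md5(secret + i.to_bytes(4, "big")).digest()
        for i in range(nblocks)
    )


def looks_like_hash_chain(body):
    """Eric's test: is each 16-byte block the MD5 of the previous one?
    Trailing partial blocks are ignored; fewer than two full blocks
    cannot be judged and count as 'not a chain'."""
    n = len(body) // BLOCK
    if n < 2:
        return False
    blocks = [body[i * BLOCK:(i + 1) * BLOCK] for i in range(n)]
    return all(hashlib.md5(a).digest() == b for a, b in zip(blocks, blocks[1:]))


def demo():
    """Constructed inputs: a hash-chain body is flagged, a keyed body is not."""
    chained = hash_chain_stream(b"constructed-seed", 8)
    keyed = keyed_counter_stream(b"constructed-secret", 8)
    return looks_like_hash_chain(chained), looks_like_hash_chain(keyed)


if __name__ == "__main__":
    print(demo())  # (True, False)
```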
