From: “James A. Donald” <jamesd@echeque.com>
To: cypherpunks@toad.com
Message Hash: 8f70f15f033e31e97eb434c1233044a7b6689097eca53e54e8869e432ce6ed48
Message ID: <199509210627.XAA14935@blob.best.net>
Reply To: N/A
UTC Datetime: 1995-09-21 06:27:45 UTC
Raw Date: Wed, 20 Sep 95 23:27:45 PDT
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 20 Sep 95 23:27:45 PDT
To: cypherpunks@toad.com
Subject: Re: (none)
Message-ID: <199509210627.XAA14935@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain
At 06:05 AM 9/21/95 GMT, Phil Karlton wrote:
>James A. Donald <jamesd@echeque.com> writes:
> Whenever you need a random number, take a one way checksum,
> for example MD5, of the most recently altered part of that
> buffer. Use that as your random number.
>
> How is this any better than feeding the data into the MD5
> hash as I go? This is not a rhetorical question.
Assuming that MD5 loses no entropy, it is identical, or very similar in
strength, since in the algorithm that I described the most recently altered
part of the buffer depends sensitively on all previous noise accumulated
into the buffer, so if the total cumulated entropy is larger than your block
size, you are OK.
However the algorithm I described simply used less computation, but the
overhead of continually doing MD5 is probably modest.
No matter what you do, if you cumulate a hundred bits of entropy, and if you
use a one way hash to generate random numbers so that your session keys do
not leak information about your entropy, you are going to be safe against a
random number generator attack.
I suggested accumulating a very large amount of entropy, but obviously this
is just gilding the lily.
---------------------------------------------------------------------
|
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law | James A. Donald
derives from this right, not from the |
arbitrary power of the state. | jamesd@echeque.com
Return to September 1995
Return to ““James A. Donald” <jamesd@echeque.com>”