From: David Van Wie <dvw@hamachi.epr.com>
Date: Tue, 26 Sep 95 14:56:32 PDT
To: "'cypherpunks'" <cypherpunks@toad.com>
Subject: RE: `Random' seed.
Message-ID: <30687693@hamachi>
MIME-Version: 1.0
Content-Type: text/plain



Matt Blaze <mab@crypto.com> wrote:

>Here's my current favorite quick-and-dirty true-random-in-software 
generator.
>Use at own risk and read the comments carefully...
[...]
> *      Physically random numbers (very nearly uniform)
> *      D. P. Mitchell
> *      Modified by Matt Blaze 2/95
[...]
> * WARNING: depending on the particular platform, truerand() output may
> * be biased or correlated.  In general, you can expect about 16 bits of
> * "pseudo-entropy" out of each 32 bit word returned by truerand(),
> * but it may not be uniformly diffused.

While this comment provides some general information, it does not give the 
expected entropy in the form of testable assumptions.  A first step in this 
direction is to provide the entropy series used to arrive at the 16 bit per 
32 bit word estimate.  The second step, as I recommended last week (RE: RNG 
Resource FAQ... on 9/22), is to provide a concise argument drawn directly 
from the mathematical weaknesses of the entropy series.  In that post, I 
posed the following four criteria because they address the mathematical 
(theoretical) weaknesses of the entropy series, while using a vocabulary 
that should be sensible to a rigorous designer:

1)  The states exist and can be identified.
2)  The number of states n is known.
3)  The index value i uniquely identifies a state.
4)  The function P_i is known and well-behaved.

In this way, an analyst can review both the entropy series itself, and a 
_concise_ statement of the criteria under which the series is defined (i.e. 
when the 4 mathematical weaknesses have been appropriately addressed), and 
the argument "why" has been scrutinized against the code or proposed design.

dvw