1996-03-02 - Re: New PRNG method!

Header Data

From: Adam Shostack <adam@lighthouse.homeport.org>
To: olcay@libtech.com (Olcay Cirit)
Message Hash: 1280e801f0a4107ff9710feb725ada6331356bc579a1907e44482a025fd29343
Message ID: <199603021741.MAA16483@homeport.org>
Reply To: <199603021656.LAA13644@bb.hks.net>
UTC Datetime: 1996-03-02 18:06:34 UTC
Raw Date: Sun, 3 Mar 1996 02:06:34 +0800

Raw message

From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 3 Mar 1996 02:06:34 +0800
To: olcay@libtech.com (Olcay Cirit)
Subject: Re: New PRNG method!
In-Reply-To: <199603021656.LAA13644@bb.hks.net>
Message-ID: <199603021741.MAA16483@homeport.org>
MIME-Version: 1.0
Content-Type: text


	The fact that something is complex does not mean your end of
it can not be monitored.  You need to discover random numbers from
something very local to you, or your opponents can mess with your
numbers.  David Wagner posted something about how Mallet could muck
with your RNG if it was based on incoming packet checksums, back in
September.

	If you want good random numbers, track the mouse.  Don't go
looking outside your computer to things other computers do.

	Lastly, using collision-resistant hashing is considered
preferable to encrypting information.

Adam


Olcay Cirit wrote:

| If the internet is so huge and complex, why not, say, use
| the least significant bits of ping times from random internet
| hosts as seeds for a PRNG? (Practical Random Number Gen.)
| After all this, you could wash it with a secure symmetric
| cryptosystem such as idea in CBC mode.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
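The two points made in the message above (seed from something local such as mouse timing, and mix with a collision-resistant hash rather than a cipher) worked through as an added example; this is not code from the message or from anyone in the thread. The `HashEntropyPool` class, `seed_from_local_events`, the one-bit-per-event credit and the `constructed_mouse_events` sequence are all assumptions made for the example. The pool credits only a conservative estimate per event and refuses to emit output until enough has been collected, because hashing whitens but cannot create entropy: a hash of inputs an observer can reproduce is a seed that observer can reproduce.

```python
import hashlib
import struct
from typing import Iterable, List, Tuple


class HashEntropyPool:
    """Entropy pool that folds local event samples into a SHA-256 state.

    SHA-256 is the mixing/whitening step (a collision-resistant hash, as the
    message recommends, instead of a block cipher). The pool also tracks an
    entropy estimate supplied by the caller, since hashing predictable input
    yields a predictable seed however random the digest looks.
    """

    def __init__(self) -> None:
        self._state = hashlib.sha256(b"hash-pool-init").digest()
        self._credited_bits = 0.0

    def add_event(self, sample: int, credited_bits: float) -> None:
        """Mix one raw sample into the pool and credit a conservative estimate."""
        h = hashlib.sha256()
        h.update(self._state)
        h.update(struct.pack(">Q", sample & 0xFFFFFFFFFFFFFFFF))
        self._state = h.digest()
        self._credited_bits += credited_bits

    @property
    def credited_bits(self) -> float:
        return self._credited_bits

    def extract(self, nbytes: int) -> bytes:
        """Return nbytes of output, or refuse if too little entropy is credited."""
        needed = nbytes * 8
        if self._credited_bits < needed:
            raise RuntimeError(
                f"only {self._credited_bits:.0f} bits credited, {needed} requested"
            )
        out = b""
        counter = 0
        while len(out) < nbytes:
            out += hashlib.sha256(self._state + struct.pack(">I", counter)).digest()
            counter += 1
        # Ratchet the state so earlier output cannot be derived from later state.
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        self._credited_bits -= needed
        return out[:nbytes]


def constructed_mouse_events(n: int = 200) -> List[Tuple[int, int, int]]:
    """Constructed stand-in for mouse events as (x, y, timestamp_microseconds).

    Real code would read these from the windowing system; this fixed, formula-
    generated sequence exists only so the example runs offline and repeatably.
    """
    events = []
    t = 1_000_000
    x, y = 300, 200
    for i in range(n):
        t += 7_000 + (i * 1_103) % 2_957   # irregular inter-event gaps
        x += (i * 37) % 11 - 5
        y += (i * 53) % 9 - 4
        events.append((x, y, t))
    return events


def seed_from_local_events(
    events: Iterable[Tuple[int, int, int]], nbytes: int = 16, bits_per_event: float = 1.0
) -> bytes:
    """Derive a seed from local event timings, crediting one bit per event (assumed)."""
    pool = HashEntropyPool()
    prev_t = None
    for x, y, t in events:
        if prev_t is not None:
            delta = t - prev_t
            # The low bits of the inter-event gap are where the unpredictability
            # lives; position bytes are mixed in but credited nothing extra.
            sample = ((delta & 0xFF) << 16) | ((x & 0xFF) << 8) | (y & 0xFF)
            pool.add_event(sample, bits_per_event)
        prev_t = t
    return pool.extract(nbytes)


if __name__ == "__main__":
    print(seed_from_local_events(constructed_mouse_events()).hex())
```

With the default 200 constructed events, 199 bits are credited, so a 16-byte (128-bit) seed is released; a pool fed fewer events than it needs raises instead of handing out output that merely looks random.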
