[129503] in cryptography@c2.net mail archive
Re: On "randomness"
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Aug 4 16:27:14 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@links.org, jsd@av8n.com
Cc: cryptography@metzdowd.com, pedagand@gmail.com
In-Reply-To: <4890EE60.2080605@av8n.com>
Date: Fri, 01 Aug 2008 17:38:28 +1200
John Denker <jsd@av8n.com> writes:
> *) At the other extreme, there are many high-stakes business,
> military, and gambling applications where I would agree with
> von Neumann, and would shun absolutely all PRNGs. I would
> rely exclusively on _hardware_ randomness generators, as
> detailed at:
> http://www.av8n.com/turbid/
I would never rely *exclusively* on any source because then a failure in your
exclusive source, no matter how magical it is, will bring down your entire
system. Use a hardware RNG if you want to, but also XOR in the output from a
PRNG, and a block cipher in counter mode, and a MAC of the time. And apply
the NIST tests on the data you're using, and on the generator output. And
don't forget to do [...].
A good randomness/key generator is more an engineering problem than an
algorithmic one.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
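The combiner Gutmann sketches above, written out as an added example (editor's code, not Gutmann's): several independent sources are XORed together so that one dead source cannot sink the output, and the result is run through a couple of the NIST SP 800-22 tests plus a FIPS 140-2 style repeated-block check. Assumptions: `os.urandom` stands in for the hardware RNG, HMAC-SHA256 driven by a counter stands in for a block cipher in counter mode (the stdlib has no AES), and `dead_source` models a source that has silently failed; all function names are this example's own.

```python
import hashlib
import hmac
import math
import os
import struct
import time
from typing import Callable, Dict

Source = Callable[[int], bytes]  # a source returns exactly n bytes on request


def hardware_source(n: int) -> bytes:
    """Stand-in for a hardware RNG (assumption: os.urandom; a real design
    reads and health-checks its own device)."""
    return os.urandom(n)


def make_ctr_source(key: bytes) -> Source:
    """PRF in counter mode. Gutmann names a block cipher in counter mode;
    HMAC-SHA256 is substituted here so the example runs with only the stdlib."""
    state = {"ctr": 0}

    def source(n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += hmac.new(key, struct.pack(">Q", state["ctr"]), hashlib.sha256).digest()
            state["ctr"] += 1
        return bytes(out[:n])

    return source


def make_time_mac_source(key: bytes, clock: Callable[[], int] = time.time_ns) -> Source:
    """MAC of the current time. Guessable on its own, so only ever one XOR input."""
    def source(n: int) -> bytes:
        out = bytearray()
        for i in range(-(-n // 32)):
            out += hmac.new(key, struct.pack(">QQ", clock(), i), hashlib.sha256).digest()
        return bytes(out[:n])

    return source


def dead_source(n: int) -> bytes:
    """Models a failed source that silently returns all zeros (constructed)."""
    return bytes(n)


def xor_combine(sources: Dict[str, Source], n: int) -> bytes:
    """XOR of all sources: as strong as the best of them, if they are independent."""
    acc = bytearray(n)
    for name, src in sources.items():
        chunk = src(n)
        if len(chunk) != n:
            raise ValueError(f"{name}: got {len(chunk)} bytes, wanted {n}")
        for i, b in enumerate(chunk):
            acc[i] ^= b
    return bytes(acc)


def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def frequency_test(data: bytes) -> float:
    """SP 800-22 monobit test: p-value of the +1/-1 bit sum."""
    n = len(data) * 8
    s = sum(1 if b else -1 for b in _bits(data))
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_test(data: bytes) -> float:
    """SP 800-22 runs test: p-value of the number of bit runs."""
    bits = list(_bits(data))
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # prerequisite from the spec
        return 0.0
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def repeated_block(data: bytes, block: int = 16) -> bool:
    """FIPS 140-2 style continuous test: equal adjacent blocks mean a stuck source."""
    blocks = [data[i:i + block] for i in range(0, len(data) - block + 1, block)]
    return any(a == b for a, b in zip(blocks, blocks[1:]))


def health_report(data: bytes, alpha: float = 0.01) -> Dict[str, object]:
    f, r, stuck = frequency_test(data), runs_test(data), repeated_block(data)
    return {"frequency_p": f, "runs_p": r, "repeated_block": stuck,
            "ok": f >= alpha and r >= alpha and not stuck}


def generate(sources: Dict[str, Source], n: int) -> bytes:
    """Test each source and the combined output: a failed source is reported
    but tolerated, a failed combined output stops the generator."""
    for name, src in sources.items():
        if not health_report(src(4096))["ok"]:
            print(f"warning: source {name} fails its health tests")
    out = xor_combine(sources, n)
    if not health_report(out)["ok"]:
        raise RuntimeError("combined output failed health tests; refusing to emit")
    return out


if __name__ == "__main__":
    key = os.urandom(32)
    srcs = {"hw": hardware_source, "ctr": make_ctr_source(key),
            "time_mac": make_time_mac_source(key), "dead_hw": dead_source}
    print(health_report(generate(srcs, 4096)))
```

Two caveats a practitioner should keep in mind. The XOR is only as good as the independence of its inputs: feeding the same keystream in twice cancels to zeros, which the tests will catch, but a subtle correlation will not show up at all. And these statistical tests only detect gross failures (a stuck or heavily biased source); at alpha = 0.01 each test also raises a false alarm on about one run in a hundred, so a production design reruns on a fresh sample rather than halting on a single failure.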