[5130] in cryptography@c2.net mail archive
Re: depleting the random number generator
daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Jul 18 06:24:25 1999
Date: Sat, 17 Jul 1999 15:30:19 -0700
To: John Denker <jsd@research.att.com>, cryptography@c2.net
From: "James A. Donald" <jamesd@echeque.com>
In-Reply-To: <4.1.19990717161153.00ad0850@surfcity.research.att.com>
--
At 04:45 PM 7/17/99 -0400, John Denker wrote:
> Step 2) The attacker endlessly iterates step 1. This is easy.
> AFAIK there is no useful limit on how often new applications can be
> made. This quickly exhausts the entropy pool on Whitney.
The attacker can only "exhaust" the entropy pool if he can gain
information about the pool from the entropy he sees. It is possible
to make this computationally very expensive.
Use a cryptographically strong PSEUDO random number generator, such as
RC4.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
qn/WO267h5K7+VFcgal8DsOaJN3+dzOvBZD/PmS9
42jjcrq29n9M22Y960CjYsXpYQ1gxdZCXa7PjMWDk
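The contrast the message draws, as an added example that is not part of the original mail: a toy "counting" pool whose entropy estimate is debited on every read (a hypothetical model, not any real kernel's code) runs dry after a handful of requests, while a generator seeded once from that pool keeps answering requests indefinitely, and recovering its state from the output is a PRF key-recovery problem rather than a matter of asking often enough. The message names RC4; this example substitutes HMAC-SHA256 in counter mode as the keystream function (an assumption of this example, chosen because RC4 keystream biases are known today), and the class and function names are likewise invented here.

```python
import hashlib
import hmac
import os


class CountingEntropyPool:
    """Hypothetical model of a blocking entropy pool with an entropy
    estimate: every byte handed out debits the estimate, so an unbounded
    stream of requests drives it to zero and later requests fail."""

    def __init__(self, entropy_bytes: int) -> None:
        self.entropy_estimate = entropy_bytes

    def read(self, n: int) -> bytes:
        if n > self.entropy_estimate:
            raise BlockingIOError("entropy pool exhausted")
        self.entropy_estimate -= n
        return os.urandom(n)  # stand-in for harvested entropy bits


class KeystreamGenerator:
    """Seed-once pseudorandom generator: HMAC-SHA256 keyed with the seed,
    applied to an 8-byte block counter (stands in for the stream cipher
    the message suggests). Output never debits a counter, and learning
    the key from output means breaking the PRF."""

    def __init__(self, seed: bytes) -> None:
        if len(seed) < 32:
            raise ValueError("seed must be at least 32 bytes")
        self.key = seed
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            block = hmac.new(
                self.key, self.counter.to_bytes(8, "big"), hashlib.sha256
            ).digest()
            self.counter += 1
            out.extend(block)
        return bytes(out[:n])

    def reseed(self, fresh: bytes) -> None:
        """Fold in new entropy when the pool has some; serving output
        does not depend on this ever happening."""
        self.key = hashlib.sha256(self.key + fresh).digest()


def simulate_exhaustion(pool_entropy_bytes: int, request_size: int,
                        requests: int) -> tuple:
    """Return (requests served by the counting pool before it blocked,
    requests served by a generator seeded once from a 32-byte read)."""
    pool = CountingEntropyPool(pool_entropy_bytes)
    pool_served = 0
    for _ in range(requests):
        try:
            pool.read(request_size)
            pool_served += 1
        except BlockingIOError:
            break  # the attacker's loop has drained the estimate

    gen = KeystreamGenerator(CountingEntropyPool(32).read(32))
    gen_served = sum(
        1 for _ in range(requests) if len(gen.read(request_size)) == request_size
    )
    return pool_served, gen_served


if __name__ == "__main__":
    print(simulate_exhaustion(64, 16, 100))  # (4, 100)
```

A 64-byte pool answering 16-byte requests serves four of a hundred before blocking; the generator seeded from a single 32-byte read serves all hundred. The practical consequence for a system design is the one the message points at: draw a seed from the pool once, generate from it, and mix fresh entropy in with `reseed` as it arrives rather than charging each consumer against the pool.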