[5149] in cryptography@c2.net mail archive
RE: depleting the random number generator
daemon@ATHENA.MIT.EDU (bram)
Mon Jul 19 17:16:07 1999
Date: Mon, 19 Jul 1999 12:19:17 -0700 (PDT)
From: bram <bram@gawth.com>
To: cryptography <cryptography@c2.net>
In-Reply-To: <37B41916@MailAndNews.com>
On Mon, 19 Jul 1999, Enzo Michelangeli wrote:
> Sorry folks, but I can't understand where the problem is supposed to be. The
> entropy of a pool is a measure of the information about its internal state
> that we don't know: which is why in thermodynamics the same name is given to
> the logarithm of the number of (invisible) microstates corresponding to an
> (observed) macrostate. Now: if we extract bits from the generator, we cannot
> gain insight over the internal state and its evolution, because on the path of
> a well-designed RNG there is a one-way function whose inversion is not
> computationally feasible.
That's true, but not horribly obvious to most people, and the design of
the random number gizmo isn't all that trivial.
The brief summary of the above is that it's possible to simply replace
/dev/random with something which doesn't deplete entropy and the problem
will go away. And yes, it is possible to do that in a secure manner.
-Bram
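The exchange above turns on one design point: a generator whose outputs are derived from its internal state through a one-way function can hand out bits indefinitely without "spending" the entropy it was seeded with, so there is nothing to block on. The following is an added illustration, not code from the thread or from any real /dev/random implementation. It contrasts a toy depleting pool (the bookkeeping Enzo is questioning) with a toy hash-based generator of the kind Bram describes; class and method names are my own, SHA-256 stands in for the one-way function, and the seeds are constructed test values, not real entropy.

```python
"""Added example (not from the thread): depleting vs. non-depleting RNG models.
Toy code for illustration only; not a production random number generator."""
import hashlib


class DepletingPool:
    """Models the 'entropy counter' bookkeeping: every byte read is charged
    against a counter, and reads block (here: raise) once it reaches zero."""

    def __init__(self, seed: bytes, entropy_bits: int):
        self._state = hashlib.sha256(b"seed" + seed).digest()
        self.entropy_bits = entropy_bits  # estimate of unknown state bits

    def read(self, n: int) -> bytes:
        if 8 * n > self.entropy_bits:
            # This is the behaviour that causes callers to stall.
            raise BlockingIOError("entropy pool depleted")
        self.entropy_bits -= 8 * n
        return self._derive(n)

    def _derive(self, n: int) -> bytes:
        out = hashlib.sha256(b"out" + self._state).digest()[:n]
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out


class HashDRBG:
    """Non-depleting generator: output = H(state || counter).

    The state is never emitted. Inverting H to recover the state from outputs
    is assumed infeasible, so reading does not reduce what an observer knows
    about the state, and no entropy counter is decremented on read.
    """

    ENTROPY_BITS = 256  # fixed once seeded; reads never lower it

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits")
        self._state = hashlib.sha256(b"seed" + seed).digest()
        self._counter = 0

    def reseed(self, fresh: bytes) -> None:
        # Mixing in new entropy is also one-way: the old state is hashed, not kept.
        self._state = hashlib.sha256(b"reseed" + self._state + fresh).digest()
        self._counter = 0

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            ctr = self._counter.to_bytes(8, "big")
            out += hashlib.sha256(b"out" + self._state + ctr).digest()
            self._counter += 1
        # Ratchet the state after each request so that a later compromise of
        # the state does not expose outputs that were already handed out.
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        return bytes(out[:n])

    def available_entropy_bits(self) -> int:
        return self.ENTROPY_BITS


def demo() -> dict:
    """Read the same amount from both models and report what happens."""
    seed = bytes(range(32))  # constructed test seed, not real entropy
    pool = DepletingPool(seed, entropy_bits=128)
    drbg = HashDRBG(seed)

    pool.read(16)  # uses up all 128 bits
    try:
        pool.read(1)
        pool_blocked = False
    except BlockingIOError:
        pool_blocked = True

    first = drbg.read(16)
    for _ in range(1000):
        drbg.read(4096)  # reads are free: the counter never moves
    return {
        "pool_blocked": pool_blocked,
        "pool_entropy_left": pool.entropy_bits,
        "drbg_entropy_left": drbg.available_entropy_bits(),
        "drbg_first_block": first,
    }


if __name__ == "__main__":
    print(demo())
```

The depleting model stalls after a fixed number of bytes regardless of how strong its mixing is, while the hash-based generator reports the same entropy after a thousand large reads. What the non-depleting design still needs, and what this toy does not address, is good initial seeding and periodic reseeding through `reseed` so that a state compromise does not persist.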