[5183] in cryptography@c2.net mail archive


Re: depleting the random number generator

daemon@ATHENA.MIT.EDU (David Honig)
Thu Jul 22 11:00:38 1999

Date: Wed, 21 Jul 1999 19:47:53 -0700
To: John Kelsey <kelsey.j@ix.netcom.com>, Ben Laurie <ben@algroup.co.uk>,
        bram <bram@gawth.com>
From: David Honig <honig@sprynet.com>
Cc: cryptography <cryptography@c2.net>
In-Reply-To: <4.1.19990721145705.00975970@popd.ix.netcom.com>

At 03:16 PM 7/21/99 -0500, John Kelsey wrote:
>Suppose God, in a fit of budget-consciousness, decides to get
>rid of all this wasteful hardware for generating random
>numbers that are necessary for quantum mechanics, and
>instead replaces them with a PRNG with a 256-bit seed.  In
>this case, all hardware noise sources are ultimately tapping
>into this same seed and PRNG. How will you, or anyone, tell
>the difference?  (This assumes that God can find some good
>pseudorandom function families, of course.)

Eventually one rng could catch up to another one, and from then on,
they would predict each other forever.  This is not possible before
the GAO (God's Accounting Office) cuts the quantum project.  So there
is a definite (albeit hypothetical) test.

Excellent illustration, though.