[5248] in cryptography@c2.net mail archive
Re: depleting the random number generator -- repeated state
daemon@ATHENA.MIT.EDU (Jon Callas)
Tue Jul 27 20:20:04 1999
In-Reply-To: <v0401170cb3c37a1cdbe1@[24.218.56.100]>
Date: Tue, 27 Jul 1999 15:22:14 -0700
To: cryptography@c2.net
From: Jon Callas <jon@callas.org>
I built a PRNG that used an RC4 variant as John Kelsey said. The thing is
also actually very Yarrow-like. I modified it later to use a state array
512 long instead of 256 long, just so it would have a larger entropy pool.
When I added more entropy, I added entropy using the same basic algorithm
as RC4 key setup. The difference was that the S-array was not 0..256, but
whatever the state of the array was. You simply *don't* use the input
mechanism that Anonymous described.
I'll also note that the state-loop that Anonymous described can easily be
detected and corrected. Given that this is a PRNG, not a cipher,
predictability is not a requirement (although you can algorithmically
correct in a way that will still make it a cipher).
Someday, I need to update the Entropy Manager (as I called it) and
re-release it.
Jon
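Added example (not the Entropy Manager's code or anything from the thread): an RC4-style state pool whose `add_entropy` runs the RC4 key-setup loop over the current S-array rather than a fresh 0..n-1 array, as the post describes, placed beside a reset-to-identity reseed for contrast. The class and function names are mine, the state size `n` is a parameter (the post used 512), and the sample seed strings are constructed.

```python
class StatePoolPRNG:
    """RC4-style PRNG whose reseed mixes new input into the existing state.

    Illustrates the reseed structure only; RC4's keystream biases make it a
    poor choice for a modern generator regardless of how it is reseeded.
    """

    def __init__(self, n=256, seed=b""):
        self.n = n
        self.S = list(range(n))       # identity permutation only at construction
        self.i = self.j = 0
        if seed:
            self.add_entropy(seed)

    def add_entropy(self, material):
        # RC4 key-setup loop applied to the *current* S, not to 0..n-1, so the
        # pool's existing unpredictability survives and is mixed with the input.
        if not material:
            return
        n, S = self.n, self.S
        j = 0
        for i in range(n):
            j = (j + S[i] + material[i % len(material)]) % n
            S[i], S[j] = S[j], S[i]
        self.i = self.j = 0           # restart the generator indices, as RC4 does

    def next_byte(self):
        n, S = self.n, self.S
        self.i = (self.i + 1) % n
        self.j = (self.j + S[self.i]) % n
        S[self.i], S[self.j] = S[self.j], S[self.i]
        # Reduce mod 256 so a 512-entry state still emits bytes.
        return S[(S[self.i] + S[self.j]) % n] % 256


def reseed_by_reset(prng, material):
    """Contrasting reseed: reset to identity first, which throws the pool away.

    After this, the state depends on `material` alone, so anyone who knows the
    new input knows the whole generator state.
    """
    prng.S = list(range(prng.n))
    prng.i = prng.j = 0
    prng.add_entropy(material)


def output(prng, count=16):
    return [prng.next_byte() for _ in range(count)]
```

Two pools with different histories that receive the same new input stay distinct under the in-place reseed but collapse to identical streams under the reset-based one.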