[5256] in cryptography@c2.net mail archive


Re: depleting the random number generator -- repeated state

daemon@ATHENA.MIT.EDU (Eugene Leitl)
Wed Jul 28 13:42:49 1999

From: Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
Date: Tue, 27 Jul 1999 17:25:01 -0700 (PDT)
To: Jon Callas <jon@callas.org>
Cc: cryptography@c2.net
In-Reply-To: <v04210109b3c3da26b308@[38.232.7.7]>

Jon Callas writes:

 > I'll also note that the state-loop that Anonymous described can easily be
 > detected and corrected. Given that this is a PRNG, not a cipher,
 > predictability is not a requirement (although you can algorithmically
 > correct in a way that will still make it a cipher).

I do not quite see why one must be so intent in maintaining a
continuous entropy influx into the pool. If I've got a random number
generator with 1 MBit state or more, and its Hamiltonian is pretty
much a random walk in state space, the probability of it tripping upon
its own trajectory (=becoming trapped in a cycle) is nigh nil. If the
number of state bits, proper amount of initial entropy and the
shape of the Hamiltonian are chosen right, it wouldn't start cycling
until the Sun burns out.

So what's the magic with the entropy pool? Because current algorithms
don't have enough state, and because the hidden structure of their
pseudorandomness starts shining through after a while?

(Sorry if I speak nonsense, I'm not a crypto person).
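As an added illustration of the cycling argument in this message (my own example code, not anything from the thread): a toy "random mapping" state machine standing in for the pool update, a Brent cycle detector of the kind Jon alludes to for catching a state-loop, and an empirical check that the expected time before the walk trips on its own trajectory grows as the square root of the number of states. The function names and the toy mapping are assumptions of this example.

```python
"""Brent cycle detection over a toy random-mapping PRNG state, plus an
empirical check of expected time-to-cycle versus state size."""
import math
import random


def random_mapping(n_bits, seed):
    """Constructed toy update function: a random function f on 2**n_bits
    states (assumption: stands in for a pool whose update is a random walk)."""
    rng = random.Random(seed)
    size = 1 << n_bits
    table = [rng.randrange(size) for _ in range(size)]
    return lambda s: table[s]


def brent_rho(f, x0):
    """Return (tail_length, cycle_length) of the orbit of x0 under f.
    Brent's algorithm needs O(1) memory, so it can run beside a generator
    as a health check that the state has not fallen into a short loop."""
    power = lam = 1
    tortoise, hare = x0, f(x0)
    while tortoise != hare:
        if power == lam:            # start a new, twice-as-long probe window
            tortoise, power, lam = hare, power * 2, 0
        hare = f(hare)
        lam += 1
    tortoise = hare = x0            # re-walk to find where the cycle starts
    for _ in range(lam):
        hare = f(hare)
    mu = 0
    while tortoise != hare:
        tortoise, hare, mu = f(tortoise), f(hare), mu + 1
    return mu, lam


def expected_rho_length(n_bits):
    """Flajolet-Odlyzko asymptotic for a random mapping on N points:
    mean tail + cycle length is about sqrt(pi * N / 2)."""
    return math.sqrt(math.pi * (1 << n_bits) / 2)


def mean_rho_length(n_bits, trials, seed=1):
    """Average observed tail + cycle length over several random mappings,
    each started from a random state; compare with expected_rho_length."""
    rng = random.Random(seed)
    total = 0
    for t in range(trials):
        f = random_mapping(n_bits, seed * 1000 + t)
        mu, lam = brent_rho(f, rng.randrange(1 << n_bits))
        total += mu + lam
    return total / trials
```

Doubling the state bits quadruples the number of states and so only doubles the measured steps-to-cycle, which is why the post's worry about cycling vanishes once the state is large, even though it does not by itself say anything about predictability of the outputs.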
