[7286] in cryptography@c2.net mail archive
Re: random seed generation without user interaction?
daemon@ATHENA.MIT.EDU (Don Davis)
Thu Jun 8 23:10:52 2000
Message-Id: <l03110708b56545c63ca9@[208.192.102.55]>
In-Reply-To: <v0421010eb565281196e1@[24.218.56.92]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 8 Jun 2000 12:12:14 -0400
To: cryptography@c2.net
From: Don Davis <dtd@world.std.com>
steve b., perry m., and arnold r. all point out,
quite correctly, that hashing was used for noise-
whitening, long before sgi's lavarand and before
my disk-randomness paper. the difference that
sgi's work and mine offered was a more rigorous
notion of randomness. by explicitly drawing on
the strict mathematical definition of "chaos," we
could call our generators' outputs random per se.
thus, chaos-based rngs go beyond prior work on
noise-whitening, but the difference is perhaps
more important theoretically than practically.
both generators produced truly unpredictable bits,
though SGI & i differed in our statistical criteria.
my experiment produced asymptotically i.i.d. uniform
bits, while lavarand produced _effectively_ uniform
bits. in other words, both SGI and i offered truly
random bits, and not merely securely unpredictable
bits. note the contrast with prior work: while
arnold's DoD citation from 1985 does offer a
practical & effective way to seed a PRNG, the document
explicitly calls the product bits "pseudo-random."
our/my novel contribution was to justify dropping
the prefix "pseudo-". afaik, before my paper,
no one spoke of software "TRNGs". no one believed
it was possible to produce truly random bits
without specialized hardware, though many of us
knew that hashing or encrypting an irregular or
secret input was necessary & sufficient for most
cryptographic purposes.
- don davis, boston