[12866] in Cypherpunks


Re: Random #'s via serial port dongle?

daemon@ATHENA.MIT.EDU (smb@research.att.com)
Mon May 2 13:44:24 1994

From: smb@research.att.com
To: perry@imsi.com
Cc: tcmay@netcom.com (Timothy C. May), cypherpunks@toad.com
Date: Mon, 02 May 94 13:33:34 EDT

	 Timothy C. May says:
	 > I don't think generating random numbers is all that much of a
	 > priority. The Blum-Blum-Shub C code is available, and I defy anyone to
	 > break _that_ PRNG!

	 It's partially a question of speed. Many applications, like one-time
	 pads, are just too slow to generate random strings for given normal
	 techniques. It's partially a question of automation -- I'd like to be
	 able to generate public/private key pairs on a regular basis and it's
	 hard to do given all the goddamn typing. It's partially a question of
	 abstract hacker satisfaction -- one would like to know that one's
	 numbers are RANDOM.

That isn't a matter of ``abstract hacker satisfaction''.  That's a very
strong security requirement:  how do you *know* that your keys are
random?

Tim May suggested using Blum-Blum-Shub.  Fine -- but how are you going
to seed it?  That's why I want real random numbers -- as a seed to
Blum-Blum-Shub or quintuple IDEA or MD5 composed with SHS' or whatever.
I probably wouldn't use the random numbers in raw form, though -- and
no one else does, either; the real random number generators I've seen
all incorporate some sort of scrambling function.
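The seeding path smb describes above (raw physical randomness, run through a scrambling function, used only to seed Blum-Blum-Shub rather than emitted directly), as an added example that is not code from the original thread. The Blum primes are toy values and SHA-256 stands in for the hash; both are assumptions made for illustration.

```python
import hashlib
import math
import os

# Toy Blum primes (both congruent to 3 mod 4), constructed for this example only;
# a real deployment needs primes of several hundred bits each.
TOY_P, TOY_Q = 11, 23


def condition_seed(raw_entropy: bytes, n: int) -> int:
    """Turn raw physical randomness (e.g. bytes read from a dongle) into a BBS seed.

    The raw bytes are never used directly: they pass through a one-way hash first
    (the 'scrambling function' step), then are reduced to a residue coprime to n.
    SHA-256 is an assumption here; the thread mentions MD5 or SHS in this role.
    """
    counter = 0
    while True:
        digest = hashlib.sha256(raw_entropy + counter.to_bytes(4, "big")).digest()
        x0 = int.from_bytes(digest, "big") % n
        if x0 > 1 and math.gcd(x0, n) == 1:
            return x0
        counter += 1  # degenerate or non-coprime residue: rehash with a new counter


def bbs_bits(n: int, x0: int, count: int) -> list:
    """Blum-Blum-Shub: x_{i+1} = x_i^2 mod n, emitting the low bit of each new state."""
    bits = []
    x = x0
    for _ in range(count):
        x = (x * x) % n
        bits.append(x & 1)
    return bits


def bbs_bytes(n: int, x0: int, nbytes: int) -> bytes:
    """Pack BBS output bits, most significant first, into bytes."""
    bits = bbs_bits(n, x0, nbytes * 8)
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for b in bits[i * 8:(i + 1) * 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    n = TOY_P * TOY_Q
    raw = os.urandom(32)  # stand-in for bytes read from a serial-port dongle
    print(bbs_bytes(n, condition_seed(raw, n), 8).hex())
```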
