On "randomness"
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Aug 1 01:38:28 EDT 2008
John Denker <jsd at av8n.com> writes:
> *) At the other extreme, there are many high-stakes business,
> military, and gambling applications where I would agree with
> von Neumann, and would shun absolutely all PRNGs. I would
> rely exclusively on _hardware_ randomness generators, as
> detailed at:
> http://www.av8n.com/turbid/
I would never rely *exclusively* on any source because then a failure in your
exclusive source, no matter how magical it is, will bring down your entire
system. Use a hardware RNG if you want to, but also XOR in the output from a
PRNG, and a block cipher in counter mode, and a MAC of the time. And apply
the NIST tests on the data you're using, and on the generator output. And
don't forget to do [...].
A good randomness/key generator is more an engineering problem than an
algorithmic one.
Peter.
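The belt-and-braces construction Peter describes, as an added example (not code from the original post or from any of the list participants): several independent sources XORed together, then the SP 800-22 frequency (monobit) test applied to the result. Assumptions: Python standard library only, so os.urandom stands in for the hardware RNG and an HMAC-SHA256 counter stream stands in for the block cipher in counter mode.

```python
import hashlib, hmac, math, os, time

def hardware_rng(n):
    """Stand-in for the hardware RNG: the OS entropy pool (assumption)."""
    return os.urandom(n)

def _stretch(f, n):
    """Concatenate f(counter) blocks until n bytes are available."""
    out, ctr = b"", 0
    while len(out) < n:
        out += f(ctr.to_bytes(16, "big"))
        ctr += 1
    return out[:n]

def hash_prng(seed):
    """Deterministic PRNG stream: SHA-256(seed || counter)."""
    return lambda n: _stretch(lambda c: hashlib.sha256(seed + c).digest(), n)

def ctr_stream(key):
    """HMAC-SHA256(key, counter) keystream: stand-in for a block cipher in
    counter mode (assumption: no AES in the standard library)."""
    return lambda n: _stretch(lambda c: hmac.new(key, c, hashlib.sha256).digest(), n)

def mac_of_time(key):
    """HMAC of the current time, stretched to n bytes through hash_prng."""
    def gen(n):
        tag = hmac.new(key, time.time_ns().to_bytes(8, "big"), hashlib.sha256).digest()
        return hash_prng(tag)(n)
    return gen

def combine(sources, n):
    """XOR every source's output. The result is as unpredictable as the best
    source, so one dead, stuck or backdoored source cannot sink the whole.
    Caveat: two sources that emit the same stream cancel each other out."""
    out = bytearray(n)
    for src in sources:
        block = src(n)
        if len(block) != n:
            raise ValueError("source returned wrong length")  # fail loudly, not silently
        for i, b in enumerate(block):
            out[i] ^= b
    return bytes(out)

def monobit_p_value(data):
    """NIST SP 800-22 frequency (monobit) test. Returns the p-value; the
    sequence is rejected as non-random when it is below 0.01."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_n = 2 * ones - n  # +1 for each one bit, -1 for each zero bit
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))
```

Run the test on the combined output before it is used, and on each source separately so a dead source is noticed rather than masked by the others.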
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com