Extracting uniform randomness from noisy source
Klaus Pommerening
pom at imsd.uni-mainz.de
Mon Aug 5 03:38:05 EDT 2002
David Wagner wrote:
> Amir Herzberg wrote:
> >
> >pseudo-random = AES_k (noise)
> >
> Don't use this -- it is broken.
>
Indeed it is. But what about
pseudo-random = AES_{noise}(k)
[splitting noise into appropriate blocks] - as long as AES is
believed to be secure against a known plaintext attack?
> I believe using SHA1 is superior to your method, and
> I believe "use SHA1" is still the correct advice to give
> to practitioners, ...
SHA1 should be faster anyway.
--
Prof. Dr. Klaus Pommerening [http://www.uni-mainz.de/~pommeren/]
Institut fuer Medizinische Biometrie, Epidemiologie und Informatik
Johannes-Gutenberg-Universitaet Mainz
---------------------------------------------------------------------
The Cryptography Mailing List
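An added illustration, not part of the thread, of the difference between the two AES constructions and a hash over a pool of noise: a keyed block-cipher permutation maps each noise block to one output block, so it cannot hold more entropy than that block, whereas hashing several blocks together sums their entropy into one digest. The noise source is constructed (only one byte of each 16-byte block varies) and the constant `k` is an assumed public value.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha1"
)
var fixedKey = []byte("0123456789abcdef") // assumed public constant: the thread's "k"

// NoiseSupport: constructed source whose 16-byte blocks vary only in the last byte.
func NoiseSupport() [][]byte {
	s := make([][]byte, 256)
	for v := range s {
		s[v] = append(make([]byte, 15), byte(v))
	}
	return s
}

// aesEncrypt is one AES-128 block encryption (key and block are 16 bytes).
func aesEncrypt(key, block []byte) []byte {
	c, _ := aes.NewCipher(key)
	out := make([]byte, 16)
	c.Encrypt(out, block)
	return out
}

// The AES schemes work block by block, so their unit is the pool's first
// output block. AESFixedKey: pseudo-random = AES_k(noise); holders of k invert it.
func AESFixedKey(pool [][]byte) []byte { return aesEncrypt(fixedKey, pool[0]) }

// AESNoiseKey: pseudo-random = AES_{noise}(k), the noise block used as the key.
func AESNoiseKey(pool [][]byte) []byte { return aesEncrypt(pool[0], fixedKey) }

// SHA1Pool condenses every block of the pool into one 20-byte digest.
func SHA1Pool(pool [][]byte) []byte {
	d := sha1.Sum(bytes.Join(pool, nil))
	return d[:]
}

// DistinctOutputs feeds every pair of support blocks to f and counts its distinct
// outputs: a bijection of one block stays at 256, the pool hash reaches 256*256.
func DistinctOutputs(f func([][]byte) []byte, support [][]byte) int {
	seen := map[string]bool{}
	for _, a := range support {
		for _, b := range support {
			seen[string(f([][]byte{a, b}))] = true
		}
	}
	return len(seen)
}
```

Each 16-byte AES output block takes only 256 values whichever way the cipher is keyed, while the 20-byte digest of two blocks takes 65536; pooling more blocks before hashing is what raises the entropy of the extracted value.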