building a true RNG
Barney Wolff
barney at tp.databus.com
Mon Jul 29 12:08:11 EDT 2002
Yes, but is there any lower bound known? 2^(N-1)? Or worse?
Clearly a hash with N-bit output that can't generate all 2^N
values can never actually have N bits of entropy. Depending on how
many forbidden values there are, this may or may not be significant.
Of course if the forbidden values cannot be found, I'd agree with
the "as good as".
On Mon, Jul 29, 2002 at 03:39:32PM +0000, David Wagner wrote:
> >Do we even know that the popular hash functions can actually generate
> >all 2^N values of their outputs?
>
> It seems very unlikely that they can generate all 2^N outputs
> (under current knowledge). However, they satisfy the next-best
> thing: their output appears to be indistinguishable from uniform to
> computationally-bounded observers, hence it's "as good as" if they
> could generate all 2^N outputs for most purposes.
--
Barney Wolff
I never met a computer I didn't like.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list