building a true RNG

James A. Donald jamesd at echeque.com
Tue Jul 30 14:10:02 EDT 2002


    --
On 30 Jul 2002 at 17:02, Amir Herzberg wrote:
> I found that when trying to explain and define hash functions
> and their properties, I didn't find a satisfactory definition
> for the `randomness` properties.

Randomness is of course indefinable.  A random oracle is however 
definable.  

If SHA-1 is indistinguishable from a random oracle without prior
knowledge of the input, then we would like to prove that for an
attacker to make use of the loss of entropy that results from the
fact that it is not a random oracle, the attacker would need to
be able to distinguish SHA-1 from a random oracle without prior
knowledge of the input. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     CxPM+cm8zcgy+aC2EA+wlmYH4DUaMzSLmaJFJN6v
     225C9EmZaK85VbOoLT5EpF24GeytUdtyW9T/FjXgw


---------------------------------------------------------------------
The Cryptography Mailing List