PRNG design document?

[John S. Denker]

On 08/19/2003 11:57 AM, Tim Dierks wrote:
 >
 > I'm assuming a cryptographic PRNG of the type in OpenSSL, PGP, etc.,
 > where entropic seeding data is accumulated into a pool and output is
 > produced by operating on the pool with a secure hash or similar
 > cryptographic algorithm.

The statement contains two inequivalent ideas:
  -- some applications (OpenSSL, PGP, etc.) which
     imply certain requirements, and
  -- some technology for generating numbers which
     may or may not meet those requirements.

The mentioned technology is what I classify as a
_stretched_ random symbol generator, because it
outputs an entropy density greater than zero but
less than 100%.

For most of the things that OpenSSL and PGP do,
certainly certificate generation and almost
certainly session-key generation, I would *not*
recommend using a stretched random symbol
generator, but rather a full-blown True Random
Symbol Generator, i.e. 100% entropy density.

There are other situations (e.g. expunging a
multi-gigabyte disk) where you might really
need to do some stretching.

BTW I prefer to reserve the term PRNG to apply
to the extreme case of zero entropy density, but
there's not much to be gained by quibbling about
terminology.

 > Is there a definitive or highly recommended paper or book on the
 > design of PRNGs?

How about this:
   http://www.av8n.com/turbid/

 > I'm interested in whether there's a strong source on what the design
 >  considerations for how to process the input into the pool, mix &
 > remix the pool, and generate output are.

The idea of a pool that needs mixing and remixing
is not the optimal design IMHO.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com