PRNG design document?
John S. Denker
jsd at av8n.com
Fri Aug 22 08:42:45 EDT 2003
On 08/19/2003 11:57 AM, Tim Dierks wrote:
>
> I'm assuming a cryptographic PRNG of the type in OpenSSL, PGP, etc.,
> where entropic seeding data is accumulated into a pool and output is
> produced by operating on the pool with a secure hash or similar
> cryptographic algorithm.
The statement contains two inequivalent ideas:
-- some applications (OpenSSL, PGP, etc.) which
imply certain requirements, and
-- some technology for generating numbers which
may or may not meet those requirements.
The mentioned technology is what I classify as a
_stretched_ random symbol generator, because it
outputs an entropy density greater than zero but
less than 100%.
For most of the things that OpenSSL and PGP do,
certainly certificate generation and almost
certainly session-key generation, I would *not*
recommend using a stretched random symbol
generator, but rather a full-blown True Random
Symbol Generator, i.e. 100% entropy density.
There are other situations (e.g. expunging a
multi-gigabyte disk) where you might really
need to do some stretching.
BTW I prefer to reserve the term PRNG to apply
to the extreme case of zero entropy density, but
there's not much to be gained by quibbling about
terminology.
> Is there a definitive or highly recommended paper or book on the
> design of PRNGs?
How about this:
http://www.av8n.com/turbid/
> I'm interested in whether there's a strong source on what the design
> considerations for how to process the input into the pool, mix &
> remix the pool, and generate output are.
The idea of a pool that needs mixing and remixing
is not the optimal design IMHO.
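As an added illustration (not code from this post, nor from turbid), here is the pool-and-hash construction Tim describes, with an entropy-density ledger so the stretched, zero-density and 100%-density cases discussed above can be compared in numbers; the entropy credits and the sample bytes are assumed values supplied by the caller.

```python
import hashlib
from dataclasses import dataclass

# Added example: a minimal pool-and-hash generator with entropy accounting.
# Entropy credits are caller-supplied assumptions, as they are for any real pool.

@dataclass
class EntropyPool:
    pool: bytes = b""
    entropy_bits: float = 0.0   # entropy credited to the pool so far
    bits_output: int = 0        # bits handed out so far
    counter: int = 0

    def add_entropy(self, sample: bytes, credited_bits: float) -> None:
        """Mix a sample into the pool; the caller asserts how much entropy it carries."""
        self.pool = hashlib.sha256(self.pool + sample).digest()
        self.entropy_bits += credited_bits

    def output(self, nbytes: int) -> bytes:
        """Derive output by hashing pool state with a counter; the pool itself is never exposed."""
        out = b""
        while len(out) < nbytes:
            self.counter += 1
            out += hashlib.sha256(self.pool + self.counter.to_bytes(8, "big")).digest()
        self.bits_output += 8 * nbytes
        return out[:nbytes]

    def entropy_density(self) -> float:
        """Upper bound on entropy per output bit: credited input entropy over bits output."""
        if self.bits_output == 0:
            return 1.0
        return min(1.0, self.entropy_bits / self.bits_output)

def stretched_density() -> float:
    """64 credited bits stretched into 256 output bits: a stretched generator, density 0.25."""
    p = EntropyPool()
    p.add_entropy(b"\x13\x37\x00\x42\xde\xad\xbe\xef", credited_bits=64)  # constructed sample
    p.output(32)
    return p.entropy_density()

def prng_density() -> float:
    """A fixed seed with no credited entropy: the zero-density case Denker calls a PRNG."""
    p = EntropyPool()
    p.add_entropy(b"fixed seed", credited_bits=0)
    p.output(32)
    return p.entropy_density()

def full_density_output(p: EntropyPool, nbytes: int) -> bytes:
    """Refuse to emit more bits than remain credited: the 100%-density discipline."""
    if 8 * nbytes > p.entropy_bits - p.bits_output:
        raise ValueError("insufficient entropy credited for request")
    return p.output(nbytes)
```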
---------------------------------------------------------------------
The Cryptography Mailing List