PRNG design document?

John S. Denker jsd at
Fri Aug 22 08:42:45 EDT 2003

On 08/19/2003 11:57 AM, Tim Dierks wrote:
 > I'm assuming a cryptographic PRNG of the type in OpenSSL, PGP, etc.,
 > where entropic seeding data is accumulated into a pool and output is
 > produced by operating on the pool with a secure hash or similar
 > cryptographic algorithm.

The statement contains two inequivalent ideas:
  -- some applications (OpenSSL, PGP, etc.) which
     imply certain requirements, and
  -- some technology for generating numbers which
     may or may not meet those requirements.

The mentioned technology is what I classify as a
_stretched_ random symbol generator, because it
outputs an entropy density greater than zero but
less than 100%.

For most of the things that OpenSSL and PGP do,
certainly certificate generation and almost
certainly session-key generation, I would *not*
recommend using a stretched random symbol
generator, but rather a full-blown True Random
Symbol Generator, i.e. 100% entropy density.

There are other situations (e.g. expunging a
multi-gigabyte disk) where you might really
need to do some stretching.

BTW I prefer to reserve the term PRNG to apply
to the extreme case of zero entropy density, but
there's not much to be gained by quibbling about

 > Is there a definitive or highly recommended paper or book on the
 > design of PRNGs?

How about this:

 > I'm interested in whether there's a strong source on what the design
 >  considerations for how to process the input into the pool, mix &
 > remix the pool, and generate output are.

The idea of a pool that needs mixing and remixing
is not the optimal design IMHO.

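To make the three categories in the message concrete (zero entropy density, stretched, and 100% density), here is an added illustration that is not part of the original post and is neither Denker's design nor the code of OpenSSL or PGP. It is a toy hash-output generator of the kind Tim describes, with an explicit entropy ledger bolted on. The class, its `allow_stretching` flag, the `feed`/`output` methods and the credited-bits figures are all assumptions made for the example; the density it reports is an accounting bound (credited input bits over emitted output bits), not a statement about the distribution of the hash output.

```python
import hashlib
import os


class EntropyAccountedGenerator:
    """Toy hash-based generator that keeps an explicit entropy ledger.

    Constructed for illustration only; not Denker's design and not how
    OpenSSL or PGP seed their pools.  It makes three categories concrete:
      - a PRNG: nothing credited, so entropy density 0.0;
      - a stretched generator: emits more bits than were credited;
      - a full-entropy generator: refuses to emit more bits than credited.
    """

    def __init__(self, allow_stretching: bool):
        self.allow_stretching = allow_stretching
        self.pool = b""            # seed material, folded in through SHA-256
        self.credited_bits = 0.0   # entropy the caller asserts was fed in
        self.emitted_bits = 0      # total output bits handed out so far
        self.counter = 0           # output block counter

    def feed(self, data: bytes, entropy_bits: float) -> None:
        # The caller supplies the entropy estimate.  A hash cannot create
        # entropy, so never credit more than 8 bits per input byte.
        entropy_bits = min(entropy_bits, 8 * len(data))
        self.pool = hashlib.sha256(self.pool + data).digest()
        self.credited_bits += entropy_bits

    def output(self, n_bytes: int) -> bytes:
        need = 8 * n_bytes
        available = self.credited_bits - self.emitted_bits
        if not self.allow_stretching and available < need:
            raise RuntimeError(
                f"full-entropy mode: {available:.0f} bits credited, {need} requested")
        out = b""
        while len(out) < n_bytes:
            self.counter += 1
            block = self.pool + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
        self.emitted_bits += need
        return out[:n_bytes]

    def entropy_density(self) -> float:
        """Fraction of emitted bits backed by credited entropy.
        1.0 is full entropy; 0.0 is a pure PRNG with nothing credited."""
        if self.emitted_bits == 0:
            return 1.0  # nothing emitted yet, nothing stretched
        return min(self.credited_bits, self.emitted_bits) / self.emitted_bits


def demo_prng() -> float:
    """Fixed seed, zero credited entropy: the zero-density extreme."""
    g = EntropyAccountedGenerator(allow_stretching=True)
    g.feed(b"fixed seed", entropy_bits=0)  # constructed seed, nothing secret
    g.output(64)
    return g.entropy_density()  # 0.0


def demo_stretched() -> float:
    """128 bits in, 512 bits out: density between 0 and 1."""
    g = EntropyAccountedGenerator(allow_stretching=True)
    g.feed(os.urandom(16), entropy_bits=128)  # assume 128 bits of real entropy
    g.output(64)
    return g.entropy_density()  # 0.25


def demo_full_entropy() -> bool:
    """Emit exactly what was credited, then confirm one more byte is refused."""
    g = EntropyAccountedGenerator(allow_stretching=False)
    g.feed(os.urandom(16), entropy_bits=128)
    g.output(16)  # 128 bits out against 128 credited: allowed
    try:
        g.output(1)  # would push density below 1.0: refused
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print("PRNG density:     ", demo_prng())
    print("stretched density:", demo_stretched())
    print("full-entropy mode refuses overdraw:", demo_full_entropy())
```

The ledger is the point, not the hash: the same SHA-256 output path serves all three modes, and only the bookkeeping decides whether the result counts as a PRNG, a stretched generator, or a full-entropy one. Note that the density figure is only as honest as the entropy estimate passed to `feed`; overstating it is the classic way a "true" generator silently becomes a stretched one.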
The Cryptography Mailing List