PRNG design document?

Tim Dierks tim at dierks.org
Fri Aug 29 15:43:40 EDT 2003


I'd like to thank everyone for their suggestions re: PRNG design documents. 
The most commonly suggested documents were:

    Peter Gutmann's paper on the subject:
       http://www.cryptoapps.com/~peter/06_random.pdf

    The Yarrow design document:
       http://www.counterpane.com/yarrow.html

Other links & suggestions:

    A link farm from David Wagner:
       http://www.cs.berkeley.edu/~daw/rnd/index.html

    The FIPS 186 generator:
       http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
       (appendix 3)

Allow me to clarify my problem a little. I'm commonly engaged to review 
source code for a security audit; some such programs include a random 
number generator, many of which are of ad-hoc design. The nature of such 
audits is that it's much more appealing to be able to say "here are three 
accepted guidelines that your generator violates" rather than "I haven't 
seen that before and I don't like it, you should replace it with something 
else".

So I'm interested in such design guidelines, if they're available, which 
such a generator could be tested against. While the resources provided have 
been useful, it's only led me to where I was: that the only way to do so is 
to attempt to analyze the system for vulnerability to a collection of known 
flaws.

I know a bunch of basic, obvious things that I can state (have a large 
enough internal state, generate output with a secure hash, etc.) and a 
bunch of other fuzzier notions that are harder to concretize (output should 
be dependent on a sufficient quantity of the internal pool, reseeding 
should affect a sufficient quantity of the internal pool, etc.). But I don't 
have a resource which attempts to canonically define minimal requirements 
for all these elements. (If I have missed such a list in skimming the broad 
resources available, I'd appreciate a note.)

Anyway, thanks to all.

  - Tim
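As an added example, not code from Tim's post or from any of the documents it cites: one way an auditor can turn the two "fuzzier" guidelines above (output depends on enough of the pool; reseeding touches enough of the pool) into a mechanical bit-flip diffusion check. The hash-based pool generator, its deliberately weak variant whose output ignores most of the pool, the thresholds and the sample pool/seed are all constructed for illustration, not a real design.

```python
import hashlib

# Toy hash-based pool generator (constructed for this example, not a real design).
POOL_BYTES = 32

def reseed(pool: bytes, seed: bytes) -> bytes:
    """Fold seed material into the whole pool through a hash."""
    return hashlib.sha256(pool + seed).digest()

def output_good(pool: bytes, counter: int) -> bytes:
    """Output block derived from the entire pool plus a counter."""
    return hashlib.sha256(pool + counter.to_bytes(8, "big")).digest()

def output_weak(pool: bytes, counter: int) -> bytes:
    """Deliberately weak variant: only the first 8 pool bytes reach the output."""
    return hashlib.sha256(pool[:8] + counter.to_bytes(8, "big")).digest()

def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bit(data: bytes, i: int) -> bytes:
    buf = bytearray(data)
    buf[i // 8] ^= 1 << (i % 8)
    return bytes(buf)

def min_output_sensitivity(output_fn, pool: bytes) -> int:
    """Smallest number of output bits changed by flipping any single pool bit.
    Near 0 means some part of the pool never influences the output."""
    base = output_fn(pool, 0)
    return min(hamming(base, output_fn(flip_bit(pool, i), 0))
               for i in range(len(pool) * 8))

def reseed_diffusion(pool: bytes, seed: bytes) -> float:
    """Fraction of pool bits that change when a single seed bit changes.
    A well-diffusing reseed lands near 0.5; far below that means the seed
    only touches part of the pool."""
    a = reseed(pool, seed)
    b = reseed(pool, flip_bit(seed, 0))
    return hamming(a, b) / (len(a) * 8)

# Constructed sample state for the demonstration.
POOL = hashlib.sha256(b"constructed example pool").digest()
SEED = b"constructed seed material"

if __name__ == "__main__":
    print("good generator, min bits changed:", min_output_sensitivity(output_good, POOL))
    print("weak generator, min bits changed:", min_output_sensitivity(output_weak, POOL))
    print("reseed diffusion:", round(reseed_diffusion(POOL, SEED), 3))
```

The weak variant is flagged because flipping any pool bit beyond the first 64 leaves the output unchanged; the thresholds (here 64 of 256 output bits, and 0.35 to 0.65 for reseed diffusion) are audit heuristics, not published requirements.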


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
