PRNG design document?
Tim Dierks
tim at dierks.org
Fri Aug 29 15:43:40 EDT 2003
I'd like to thank everyone for their suggestions re: PRNG design documents.
The most commonly suggested documents were:
Peter Gutmann's paper on the subject:
http://www.cryptoapps.com/~peter/06_random.pdf
The Yarrow design document:
http://www.counterpane.com/yarrow.html
Other links & suggestions:
A link farm from David Wagner:
http://www.cs.berkeley.edu/~daw/rnd/index.html
The FIPS 186 generator:
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
(appendix 3)
Allow me to clarify my problem a little. I'm commonly engaged to review
source code for a security audit; some such programs include a random
number generator, many of which are of ad-hoc design. The nature of such
audits is that it's much more appealing to be able to say "here are three
accepted guidelines that your generator violates" rather than "I haven't
seen that before and I don't like it, you should replace it with something
else".
So I'm interested in such design guidelines, if they're available, which
such a generator could be tested against. While the resources provided have
been useful, it's only led me to where I was: that the only way to do so is
to attempt to analyze the system for vulnerability to a collection of known
flaws.
I know a bunch of basic, obvious things that I can state (have a large
enough internal state, generate output with a secure hash, etc.) and a
bunch of other fuzzier notions that are harder to concretize (output should
be dependent on a sufficient quantity of the internal pool, reseeding
should affect a sufficient quantity of the internal pool, etc.). But I don't
have a resource which attempts to canonically define minimal requirements
for all these elements. (If I have missed such a list in skimming the broad
resources available, I'd appreciate a note.)
Anyway, thanks to all.
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
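The criteria listed in the message above (a large enough internal state, output generated with a secure hash, output that depends on enough of the pool, reseeding that affects enough of the pool) can be turned into mechanical probes that a reviewer runs against a candidate generator, which is closer to "here are the guidelines you violate" than to "I don't like it". What follows is an added illustration, not code from the post or from any of the linked designs (Gutmann's, Yarrow, FIPS 186): a deliberately minimal hash-based toy generator (HashPRNG), a variant constructed to violate the two "sufficient quantity" criteria while still having a 256-bit pool and "using a secure hash" (WeakPRNG), and probe functions that measure pool-to-output sensitivity and how much of the pool a reseed changes. The class and function names, the seed and reseed byte strings, and the pass/fail thresholds in audit() are all assumptions made for this example; none of it is a recommended design.

```python
import copy
import hashlib


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class HashPRNG:
    """Hypothetical toy generator: 256-bit pool; output and reseed hash the whole pool."""

    def __init__(self, seed: bytes):
        self.pool = sha256(b"init", seed)  # 32-byte internal state
        self.counter = 0

    def reseed(self, entropy: bytes) -> None:
        # Every pool bit is recomputed from (old pool, fresh entropy).
        self.pool = sha256(b"reseed", self.pool, entropy)

    def next_block(self) -> bytes:
        # Output hashes the entire pool plus a counter, then the pool is
        # advanced so an earlier output cannot be recovered from a later state.
        out = sha256(b"out", self.pool, self.counter.to_bytes(8, "big"))
        self.counter += 1
        self.pool = sha256(b"step", self.pool)
        return out


class WeakPRNG(HashPRNG):
    """Constructed to fail: same 256-bit pool and 'uses a secure hash', but the
    output reads only the first 4 pool bytes and a reseed only XORs into them."""

    def reseed(self, entropy: bytes) -> None:
        mixed = bytes(a ^ b for a, b in zip(self.pool[:4], sha256(entropy)[:4]))
        self.pool = mixed + self.pool[4:]

    def next_block(self) -> bytes:
        out = sha256(b"out", self.pool[:4], self.counter.to_bytes(8, "big"))
        self.counter += 1
        return out


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def state_bits(gen) -> int:
    return 8 * len(gen.pool)


def flip_pool_bit(gen, i: int):
    """Return a copy of gen with pool bit i inverted; gen itself is untouched."""
    probe = copy.deepcopy(gen)
    pool = bytearray(probe.pool)
    pool[i // 8] ^= 1 << (i % 8)
    probe.pool = bytes(pool)
    return probe


def output_sensitivity(gen) -> tuple:
    """(fraction of pool bits whose flip changes the next output block,
        mean fraction of output bits flipped per pool-bit flip).
    A generator whose output depends on the whole pool scores (1.0, about 0.5)."""
    reference = copy.deepcopy(gen).next_block()
    total = state_bits(gen)
    changed = flipped = 0
    for i in range(total):
        out = flip_pool_bit(gen, i).next_block()
        changed += int(out != reference)
        flipped += hamming(out, reference)
    return changed / total, flipped / (total * 8 * len(reference))


def reseed_pool_change(gen, entropy: bytes) -> float:
    """Fraction of pool bits that change on reseed: about 0.5 when the whole
    pool is rehashed, at most a few percent when only a few bytes are touched."""
    probe = copy.deepcopy(gen)
    before = probe.pool
    probe.reseed(entropy)
    return hamming(before, probe.pool) / state_bits(gen)


def audit(gen, entropy: bytes) -> dict:
    """Pass/fail against thresholds assumed for this toy (not published limits)."""
    changed, avalanche = output_sensitivity(gen)
    return {
        "state_bits_ok": state_bits(gen) >= 256,
        "output_uses_whole_pool": changed == 1.0,
        "output_avalanche_ok": 0.45 <= avalanche <= 0.55,
        "reseed_touches_whole_pool": 0.3 <= reseed_pool_change(gen, entropy) <= 0.7,
    }


if __name__ == "__main__":
    SEED = b"constructed seed for the example, not real entropy"
    ENTROPY = b"constructed reseed input, not real entropy"
    print("hash-based toy:", audit(HashPRNG(SEED), ENTROPY))
    print("weak variant:  ", audit(WeakPRNG(SEED), ENTROPY))
```

The point of the weak variant is that it passes the two easy-to-state checks (256-bit state, SHA-256 on the output path) and fails the two fuzzier ones: only 32 of its 256 pool bits influence the next output, and a reseed changes at most 32 pool bits. Against a real generator the same probes need the reviewer to identify which fields make up "the pool" and to run them at several points in the generator's life (fresh, after many outputs, after a reseed), since a design can be whole-pool-dependent at startup and degenerate later.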