[Cryptography] real random numbers

Joachim Strömbergson Joachim at Strombergson.com
Mon Sep 16 08:16:51 EDT 2013

John Denker wrote:
> On 09/15/2013 03:49 AM, Kent Borg wrote:
>> When Bruce Schneier last put his hand to designing an RNG he 
>> concluded that estimating entropy is doomed. I don't think he
>> would object to some coarse order-of-magnitude confirmation that
>> there is entropy coming in, but I think trying to meter entropy-in
>> against entropy-out will either leave you starved or fooled.
> That's just completely backwards.  In the world I live in, people get
> fooled because they /didn't/ do the analysis, not because they did.
> I very much doubt that Bruce concluded that accounting is "doomed". 
> If he did, it would mark a dramatic step backwards from his work on
> the commendable and influential Yarrow PRNG: J. Kelsey, B. Schneier,
> and N. Ferguson (1999) http://www.schneier.com/paper-yarrow.pdf

What Kent is probably referring to is the Fortuna RNG which is a
successor to Yarrow. One difference between Yarrow and Fortuna is the
lack of the estimator in Fortuna.

As Bruce and Ferguson state in chapter 10.3 of Practical Cryptography
(where Fortuna is described in good detail) [1]:

"Fortuna solves the problem of having to define entropy estimators by
getting rid of them."

[1] https://www.schneier.com/book-practical.html

-- 
With kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
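The mechanism Fortuna uses in place of an entropy estimator is its pool schedule: events are spread round-robin over 32 pools, and at reseed number r only the pools whose index i satisfies 2^i | r are drained into the generator key, so pool i is consumed every 2^i reseeds regardless of how much entropy anyone believes it holds. The sketch below is an added example, not code from this thread or from Practical Cryptography. The 32-pool schedule and the 64-byte pool-0 threshold are the book's values; the generator is a deliberate simplification (HMAC-SHA-256 in counter mode rather than the AES-CTR generator the book specifies) so that it runs with the Python standard library alone, and the book's 100 ms reseed rate limit is left out.

```python
"""Fortuna-style accumulator: pool schedule instead of an entropy estimator.

Added illustration of the design discussed above, not the book's reference
code. Standard library only; the generator is a simplified stand-in.
"""
import hashlib
import hmac

NUM_POOLS = 32       # Fortuna's pool count (Practical Cryptography, ch. 10.3)
MIN_POOL_SIZE = 64   # bytes appended to pool 0 before a reseed is permitted


def pools_for_reseed(r):
    """Indices of the pools drained at reseed number r (r >= 1).

    Pool i takes part when 2**i divides r, so pool 0 is used every time,
    pool 1 every second reseed, pool 2 every fourth, and so on. A pool that
    is used rarely has had time to collect enough events to recover from a
    compromised state, with no estimate of per-event entropy required.
    """
    if r < 1:
        raise ValueError("reseed counter starts at 1")
    return [i for i in range(NUM_POOLS) if r % (1 << i) == 0]


class FortunaAccumulator:
    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool0_bytes = 0   # only pool 0's size gates reseeding
        self.next_pool = 0     # round-robin pointer over the pools
        self.reseed_count = 0
        self.key = bytes(32)   # generator key, unseeded until first reseed
        self.counter = 0

    def add_event(self, source_id, data):
        """Append one event (source id, length, data) to the next pool."""
        if not 0 <= source_id <= 255 or not 1 <= len(data) <= 32:
            raise ValueError("bad event")
        event = bytes([source_id, len(data)]) + data
        self.pools[self.next_pool].update(event)
        if self.next_pool == 0:
            self.pool0_bytes += len(event)
        self.next_pool = (self.next_pool + 1) % NUM_POOLS

    def ready_to_reseed(self):
        """Reseed is allowed once pool 0 has absorbed MIN_POOL_SIZE bytes."""
        return self.pool0_bytes >= MIN_POOL_SIZE

    def reseed(self):
        """Fold the scheduled pools into the key; returns the pools used."""
        self.reseed_count += 1
        used = pools_for_reseed(self.reseed_count)
        h = hashlib.sha256(self.key)
        for i in used:
            h.update(self.pools[i].digest())
            self.pools[i] = hashlib.sha256()   # drained pool starts over
        # Double SHA-256 of (old key || pool digests), as the book does.
        self.key = hashlib.sha256(h.digest()).digest()
        self.pool0_bytes = 0
        return used

    def random_bytes(self, n):
        """Simplified generator: HMAC-SHA-256 in counter mode (not AES-CTR)."""
        if self.reseed_count == 0:
            raise RuntimeError("generator not yet seeded")
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(16, "big")
            out += hmac.new(self.key, block, "sha256").digest()
            self.counter += 1
        # Rekey after every request so a later key compromise does not
        # expose output that was already handed out.
        self.key = hmac.new(self.key, b"rekey", "sha256").digest()
        return out[:n]


if __name__ == "__main__":
    acc = FortunaAccumulator()
    # Constructed events: 33 events of 32 bytes each put two events into pool 0.
    for k in range(33):
        acc.add_event(k % 4, bytes([k]) * 32)
    print("ready:", acc.ready_to_reseed())
    print("reseed 1 uses pools", acc.reseed())
    print("reseed 2 uses pools", acc.reseed())
    print("reseed 8 would use", pools_for_reseed(8))
    print(acc.random_bytes(16).hex())
```

The schedule, not an estimator, is what decides when a pool's contents reach the key: an attacker who can inject or predict most events can delay recovery, but pool 31 is drained only every 2^31 reseeds and will eventually hold more genuinely unpredictable material than the attacker can account for.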
