[Cryptography] who cares about actual randomness?
John Denker
jsd at av8n.com
Thu Feb 6 05:33:41 EST 2014
On 02/06/2014 12:43 AM, ianG wrote:
> The Answer, if one can summarise, is redundant sources of tiny Entropy,
> some very careful software engineering to mix it, and a good stream
> cipher to turn a little drop of entropy into a firehose.
That is not "The Answer" in general. It is partly sloppy and
partly just wrong.
First of all, the idea of "tiny" entropy is neither a necessity
nor a virtue. There are plenty of real-world situations where
the supply of entropy is more than sufficient, not at all tiny.
Secondly, redundancy is not a virtue unto itself. Reliability
is a virtue, but multiplicity by itself is neither necessary nor
sufficient for reliability. For clarification on this point, see
http://www.av8n.com/computer/htm/secure-random.htm#sec-multi-hwrng
http://www.av8n.com/computer/htm/secure-random.htm#sec-multi-reliability
Thirdly, you don't necessarily need a cipher. For most applications,
you need a PRNG. You can turn a hash into a PRNG, and you can turn a
cipher into a hash, but strictly speaking a "stream cipher" is not
in the critical path.
Fourthly, it causes problems to say sloppy things like "turn a
little drop of entropy into a firehose". In accordance with the
ordinary rules of English, people will take that to mean that a
little drop of entropy is being turned into a firehose of entropy
... which is not what is going to happen. The laws of physics
forbid it.
If you mean to talk about a high-rate, computationally-strong random
distribution, please say so, using actual words.
Overall, I beg of you to say what you mean and mean what you say.
It causes real problems when people assert that XYZ is necessary
and/or sufficient when in fact it is not.
=================
I've been collecting FAQs and rules of thumb at
http://www.av8n.com/computer/htm/secure-random.htm
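An added illustration of the "turn a hash into a PRNG" point, not code from the post or from av8n.com: SHA-256 in counter mode stretches a seed to any length, yet enumerating every possible seed shows that the number of distinct output streams, and so the entropy of the output, never exceeds what went in. The function names (mix_sources, hash_prng, distinct_streams) and the simplified construction are assumptions made for this example.

```python
import hashlib


def mix_sources(*sources: bytes) -> bytes:
    """Combine several entropy samples into one 32-byte seed.

    Each sample is length-prefixed before hashing so that the split between
    sources is unambiguous. Mixing cannot add entropy; it only makes the
    entropy that is present usable as a single seed.
    """
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def hash_prng(seed: bytes, nbytes: int) -> bytes:
    """Stretch a seed into nbytes of output with SHA-256 in counter mode.

    This is a deliberately simplified sketch of a hash-based DRBG
    (constructed for this example, not a standard design): the output is
    computationally strong if the seed is unpredictable, and the output
    rate is limited only by hashing speed.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def distinct_streams(seed_bits: int, nbytes: int = 256) -> int:
    """Count the distinct output streams reachable from every seed of
    seed_bits bits. However long nbytes is, the count is at most
    2**seed_bits: a small seed yields a firehose of bytes, not of entropy.
    """
    width = (seed_bits + 7) // 8
    streams = {hash_prng(s.to_bytes(width, "big"), nbytes)
               for s in range(1 << seed_bits)}
    return len(streams)


if __name__ == "__main__":
    # Constructed sample inputs standing in for real entropy sources.
    seed = mix_sources(b"\x07\xa1", b"\x00\x00\x3c", b"\xff")
    print(hash_prng(seed, 64).hex())
    print(distinct_streams(8, 1024))  # 256 streams, no matter how long each is
```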