[Cryptography] Random numbers only once

Tom Mitchell mitch at niftyegg.com
Thu Feb 6 20:17:04 EST 2014

On Mon, Feb 3, 2014 at 9:12 PM, Watson Ladd <watsonbladd at gmail.com> wrote:

> As DJB pointed out on another listhost, one only needs 256 random bits
> once, and can then use a PRF to generate an indefinite number forever.
> Why does /dev/random not do this and so avoid blocking after startup?
> It wouldn't be that hard to write to a defined block of a disk image
> these 32 random bytes.
Good question....
With 256 bits you only have 2^256 different streams of bits.

Not all PRN streams are stable with all possible input values (seeds).
For various RNG methods there are good and even bad input seeds.
Some PRN streams repeat themselves while others collapse eventually.
There is a need in some cases for RNs before the file system is live.

Consider:   http://www.bsdcan.org/2006/papers/ImprovingTCPIP.pdf
for a system that boots over the net.

It seems to me that many of the well considered issues with dev/*random*
could go away by replacing the Linux device you do not like with one you
do like.

A casino might elect to filter or toss any stream with winning and losing
greater than 10 to avoid the *wheat and chessboard problem*.

Many cats, skin yours the way you want...

  T o m    M i t c h e l l
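The two positions in the thread side by side, as an added example that is not code from either poster: a 256-bit seed expanded indefinitely through a PRF (HMAC-SHA256 in counter mode is assumed as the PRF), next to a generator whose all-zero seed collapses (xorshift64 is assumed as the example of a "bad input seed"). The function names are the example's own.

```python
import hmac
import hashlib

MASK64 = 0xFFFFFFFFFFFFFFFF


def prf_stream(seed: bytes, nbytes: int) -> bytes:
    """Expand a 256-bit seed into nbytes of output.

    HMAC-SHA256 keyed with the seed is used as the PRF; feeding it an
    8-byte counter yields as many 32-byte blocks as requested, so the
    stream never runs out and never blocks on the seed being consumed.
    """
    if len(seed) != 32:
        raise ValueError("seed must be exactly 256 bits")
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def xorshift64_stream(seed: int, n: int) -> list:
    """A plain xorshift64 generator (shifts 13, 7, 17).

    Any non-zero seed walks a full 2^64-1 cycle, but the all-zero seed is
    a fixed point: every output is 0, the collapse described above.
    """
    x = seed & MASK64
    vals = []
    for _ in range(n):
        x ^= (x << 13) & MASK64
        x ^= x >> 7
        x ^= (x << 17) & MASK64
        vals.append(x)
    return vals


if __name__ == "__main__":
    # Constructed seeds for illustration: an all-zero 256-bit seed is a
    # perfectly usable key for the PRF, but kills the xorshift generator.
    print(prf_stream(bytes(32), 48).hex())
    print(xorshift64_stream(0, 4), xorshift64_stream(1, 4))
```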