[Cryptography] ideas for (long) Nothing up my sleeve numbers

Hanno Böck hanno at hboeck.de
Sun Mar 30 17:51:21 EDT 2014

On Sun, 30 Mar 2014 20:43:14 +0200
Miroslav Kratochvil <exa.exa at gmail.com> wrote:

> My best guess is "Pi and Euler's number to a very high percision",
> but that seems boring.

I doubt that this is the best idea, as they are certainly not
pseudo random. They have a pretty defined structure. It is
probably unlikely but not entirely impossibe that the
gemoetric properties of Pi somehow turn into an attack surface.

My idea would be: If a normal block or stream cipher behaves like a
good cipher, it's output should behave like a random number generator.

So why not do something like: Use the most simple key you can think of
(which is 0) and encrypt the most simple thing you can think of (which
is - probably a line of zeros) with a believed-to-be-secure encryption
like chacha20+poly1394 or aes-cbc or aes-gcm? (if algo needs an IV it
should obviously also not be an arbitrary number but something simple -
like zero).

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140330/8b8f0f55/attachment.pgp>

More information about the cryptography mailing list