[Cryptography] A better random number generator...

Tom Mitchell mitch at niftyegg.com
Sun Feb 22 22:03:50 EST 2015


On Sun, Feb 22, 2015 at 3:41 PM, <dj at deadhat.com> wrote:

> > On Sun, Feb 22, 2015 at 12:30 PM, Henry Baker <hbaker1 at pipeline.com>
> > wrote:
> >
> >> At 04:47 PM 2/18/2015, Tom Mitchell wrote:
> >> >A talk at Stanford:
> >> ......
> >> >Algorithmic random number generators are everywhere, used for all kinds
> >> of tasks, from simulation to computational creativity.
> > ........
> >> This video should be _required watching_ before anyone is allowed to
> >> even
> >> use "random number" in a sentence, much less in computer code.
> >
> >> https://www.youtube.com/watch?v=45Oet5qjlms
>
.....

> Be careful. LCGs and PCGs and algorithms like xorshift are not
> cryptographically secure. The goal is to have good statistical properties
> at a minimum algorithmic cost. You can see in the talk that speed is one
> property they aim for. However for more speed, parallelizable crypto modes
> are better because you can throw optimized instructions like AES-NI at
> them, or arbitrary amounts of silicon. But for crypto, you need secure
> entropy extraction, optionally followed by a secure PRNG.
>

Yes, a small comment made it very clear that, given some small chunk of
bits, it was very possible to sync to a PRN with astoundingly long cycles.
So yes, a number of PRNs interesting to the likes of Vegas are not
cryptographically secure in ways that surprised me.

She was asked about Intel RNG instructions and I was expecting some
disclosure of hardware magic, but she dashed my expectations and hinted at
hope for improvements in the future but did not tell us that she knew.

I no longer trust library functions... although I would still let Knuth use
his to decide if I was buying the beer.



-- 
  T o m    M i t c h e l l
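As an added worked example (not part of the post or the thread), here is the "sync from a small chunk of bits" attack the message refers to, written against a linear congruential generator. The target constants A, C, M are the Numerical Recipes LCG and are a constructed choice for illustration; the attacker functions assume nothing about them and recover modulus, multiplier and increment from ten consecutive outputs, then predict the next one. The same attack finds no model for a sequence that does not come from an LCG, which is the difference the quoted reply is drawing between a statistically good generator and a cryptographically secure one.

```python
"""Added example (not from the mailing-list post): recover a linear
congruential generator from a handful of its outputs and predict the rest.

The target constants A, C, M below are the Numerical Recipes LCG, chosen here
as a constructed target; the attacker code assumes nothing about them.
"""
from functools import reduce
from math import gcd

# Constructed target generator: x_{i+1} = (A*x_i + C) mod M, full outputs.
A, C, M = 1664525, 1013904223, 2**32


def lcg(seed, n):
    """Return n consecutive full-width outputs of the target generator."""
    out, x = [], seed
    for _ in range(n):
        x = (A * x + C) % M
        out.append(x)
    return out


def recover_modulus(xs):
    """Candidate modulus from outputs alone.

    With t_i = x_{i+1} - x_i, the relation t_{i+1} = a*t_i (mod m) makes
    t_{i+1}*t_{i-1} - t_i**2 a multiple of m, so the gcd of several such
    values is m times a (usually trivial) spurious factor.
    """
    t = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    multiples = [abs(t[i + 1] * t[i - 1] - t[i] * t[i])
                 for i in range(1, len(t) - 1)]
    return reduce(gcd, multiples)


def recover_multiplier_increment(xs, m):
    """Given m and three consecutive outputs, solve for a and c.

    a = (x2 - x1) * (x1 - x0)^-1 mod m, c = x1 - a*x0 mod m.
    Raises ValueError if x1 - x0 has no inverse modulo m.
    """
    x0, x1, x2 = xs[:3]
    a = ((x2 - x1) * pow((x1 - x0) % m, -1, m)) % m
    c = (x1 - a * x0) % m
    return a, c


def crack_lcg(observed):
    """Recover (m, a, c) from consecutive outputs of an unknown LCG.

    Strips small spurious factors from the gcd until the fitted parameters
    reproduce every observed transition. Raises ValueError if no LCG fits,
    which is what happens on output that does not come from an LCG.
    """
    if len(observed) < 6:
        raise ValueError("need at least six consecutive outputs")
    g = recover_modulus(observed)
    for d in range(1, 65):
        if g == 0 or g % d:
            continue
        m = g // d
        if m < 2:
            break
        try:
            a, c = recover_multiplier_increment(observed, m)
        except ValueError:
            continue
        if all((a * observed[i] + c) % m == observed[i + 1]
               for i in range(len(observed) - 1)):
            return m, a, c
    raise ValueError("no LCG reproduces the observed outputs")


def predict_next(observed, params):
    """Next output of the cracked generator, synced from the last observation."""
    m, a, c = params
    return (a * observed[-1] + c) % m


def fits_lcg(observed):
    """True if some LCG reproduces the observed sequence."""
    try:
        crack_lcg(observed)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    stream = lcg(seed=0xDEADBEEF, n=12)
    seen, hidden = stream[:10], stream[10:]
    params = crack_lcg(seen)
    print("recovered (m, a, c):", params)  # (4294967296, 1664525, 1013904223)
    print("predicted:", predict_next(seen, params), "actual:", hidden[0])
    # Constructed non-LCG sequence (a cubic reduced mod 2^32): no model fits.
    print("fits LCG:", fits_lcg([(i * i * i + 7) % 2**32 for i in range(10)]))
```

Ten full-width outputs are enough here because the attacker sees whole words; generators that expose only part of the state (truncated output, PCG-style permutations) need more work, but the point of the thread stands: without a secure entropy source and a cryptographic PRNG behind it, "astoundingly long cycle" says nothing about unpredictability.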