[Cryptography] RNG design principles
Ron Garret
ron at flownet.com
Sat Nov 26 22:20:52 EST 2016
On Nov 24, 2016, at 4:23 PM, John Denker <jsd at av8n.com> wrote:
> Returning to the original claim that Ron Garret put forth
> on 11/22/2016 01:03 PM:
>
>> Everything that matters about randomness can be summarized in four
>> bullet points
>
> I really don't think so. If you want to see what a RNG looks
> like when designed by cryptographers, take a look at:
> Elaine Barker and John Kelsey,
> “Recommendation for Random Number Generation Using Deterministic Random Bit Generators”
> http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
>
> It's complicated ... even when using a cryptologically strong
> hash function as a building block. Every bit of that complexity
> is there for a reason.
Well, yes, that’s true. But unfortunately, one of the possible reasons for including things in government reports is politics. To cite but one example, the report you cite includes a section on Dual_EC_DRBG, which is now known to contain a back door.
Also, a lot of things in crypto get complicated once you fill in all the details. That does not mean that a short summary like mine cannot be substantially correct. If you think that my summary has actual errors or omissions, by all means point them out. But it is not a valid argument to cite a long paper written by experts and say that because this report is long, a short summary must be wrong simply because it’s short.
rg