[Cryptography] RNG design principles

Ron Garret ron at flownet.com
Sat Nov 26 22:20:52 EST 2016


On Nov 24, 2016, at 4:23 PM, John Denker <jsd at av8n.com> wrote:

> Returning to the original claim that Ron Garret put forth
> on 11/22/2016 01:03 PM:
> 
>> Everything that matters about randomness can be summarized in four 
>> bullet points
> 
> I really don't think so.  If you want to see what a RNG looks
> like when designed by cryptographers, take a look at:
>  Elaine Barker and John Kelsey,
>  “Recommendation for Random Number Generation Using Deterministic Random Bit Generators”
>  http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
> 
> It's complicated ... even when using a cryptologically strong
> hash function as a building block.  Every bit of that complexity
> is there for a reason.

Well, yes, that’s true.  But unfortunately, one of the possible reasons for including things in government reports is politics.  To cite but one example, the report you cite includes a section on Dual_EC_DRBG, which is now known to contain a back door.

Also, a lot of things in crypto get complicated once you fill in all the details.  That does not mean that a short summary like mine cannot be substantially correct.  If you think that my summary has actual errors or omissions, by all means point them out.  But it is not a valid argument to cite a long paper written by experts and say that because this report is long that a short summary must be wrong simply because it’s short.

rg



More information about the cryptography mailing list