[Cryptography] combining lots of lousy RNGs ... or not

Bill Frantz frantz at pwpconsult.com
Tue Nov 29 00:12:21 EST 2016

On 11/22/16 at 3:13 AM, leichter at lrw.com (Jerry Leichter) wrote:

>Triple rot13, indeed.

But triple DES IS better than single DES.

The algorithms used matter. Rot13 is bad encryption algorithm 
because it has no mixing. XOR is a poor combiner because A XOR A 
==> 0, losing all randomness and producing a predictable output 
when the two inputs are perfectly correlated.

Probably a secure hash in hash(1, A) XOR hash(2, A) ==> not 
zero, perserving some of the input randomness in A. BUT, I know 
of no proof of this assertion.

I must admit that I am very nervous about trusting only one 
source and feel more comfortable combining sources. If I combine 
RDRAND with mouse movement locations and timings I have sources 
that require my opponent to have very different mechanisms to 
compromise. If RDRAND is compromised, it is most likely by a 
nation state attacker who probably doesn't have access to the 
detailed timing of operations on my computer. Using dev/random 
or dev/urandom (they are the same on my computer) as a combiner 
is fine. If my opponent has access to both sources, or has 
compromised the combiner in the OS, then I am truly toast. He 
can control anything my computer can control and access any 
information stored on my computer. Good random numbers won't help.

Cheers - Bill

Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506      | ads, you are the product.    | 16345 
Englewood Ave
www.pwpconsult.com |                              | Los Gatos, 
CA 95032

More information about the cryptography mailing list