On Fri, Dec 02, 2005 at 10:13:21PM -0200, [EMAIL PROTECTED] wrote:

> 
> Well, you just can't prove a PRNG is secure. It would be like proving that
> the AES is secure, or that factoring integers is hard. It just can't be done
> (aside theoretical discussions about P=NP).
> 

Actually, this is inaccurate: proving the strength of AES or factoring is
difficult, and may never happen; we may even prove AES to be not secure
(in a broad sense) some day. Proving an RNG secure is *impossible*.

A replay of an AES transmission remains confidential; a replay of an
RNG-generated sequence is no longer random.

Think of the scam in "The Sting", a time-delayed random outcome is no
longer random. It is not possible to prove to a passive observer that
information he is receiving is not time-delayed and was not available
to other observers in advance.

-- 
        Viktor.
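As an added illustration of the point made in the post above (this is example code, not from any list participant): a deterministic generator fed the same seed replays byte-for-byte, and no statistical check on the output can tell the replay from the first run. The generator below is a minimal HMAC-SHA256 counter construction written for this demonstration (it is not NIST HMAC_DRBG or any real library's RNG), and the seed value is constructed.

```python
import hmac
import hashlib


def hmac_counter_generator(seed: bytes, nbytes: int) -> bytes:
    """Illustrative deterministic generator: HMAC-SHA256(seed, counter) blocks.

    Not a standards-conforming DRBG; it exists only to show that output is a
    pure function of the seed, so anyone holding the seed (or a recording of
    the stream) can reproduce it exactly.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:nbytes])


def bit_balance(data: bytes) -> float:
    """Fraction of one-bits: a crude statistical 'looks random' check."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def replay_demo(seed: bytes = b"constructed-demo-seed", nbytes: int = 4096) -> dict:
    """Run the generator twice from one seed and once from a different seed.

    Returns whether the two same-seed runs are identical (the 'replay'),
    whether a fresh seed diverges, and the bit balance of each stream. The
    replayed stream passes the same statistical check as the original, which
    is exactly why a passive observer cannot detect that it was replayed.
    """
    first = hmac_counter_generator(seed, nbytes)
    second = hmac_counter_generator(seed, nbytes)          # the replay
    other = hmac_counter_generator(seed + b"-fresh", nbytes)
    return {
        "replay_identical": first == second,
        "fresh_seed_differs": first != other,
        "balance_first": bit_balance(first),
        "balance_replay": bit_balance(second),
    }


if __name__ == "__main__":
    for k, v in replay_demo().items():
        print(f"{k}: {v}")
```

Both same-seed streams come out identical and both sit close to 0.5 one-bits; the statistic is blind to the replay, so "looks random" and "is unpredictable to this observer" are different properties, and only the latter is what an RNG consumer needs.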

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
