I have released an updated version of my 1998 Usenix Security Symposium paper
"Software Generation of Practically Strong Random Numbers", this version is
more than twice as long as the original and includes a lot more information
than there was room for originally.  You can get it from
http://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf (broken formatting
courtesy of Microsoft's PostScript drivers :-).

The updated version looks at the requirements for a software-based generator,
examines some existing ones (AC2, X9.17, PGP 2.x, PGP 5.x, /dev/random, Skip,
ssh, SSLeay/OpenSSL, Capstone/Fortezza, and PIII) and points out problem areas
(I notified anyone who might be affected a month or two back), and then
presents an updated and extended design for what I hope is a reasonably secure
and appropriately paranoid generator.  Since the topic of crypto RNGs seems to
come up every six months or so (the last time being last week), I hope this
information is of use to people.

Peter.
