At 8:52 PM -0400 6/7/2000, Don Davis wrote:
...
>but, when SGI announced their lavarand patent
>application in the press a few years ago, i
>decided that it wasn't worth worrying about.
>theirs is clearly a defensive patent, intended
>only to make sure that noone can keep SGI from
>using anything they build around the idea of
>hashing analog inputs.
I am not a lawyer, but my understanding is that having a valid patent
does not give you the right to use the invention disclosed
therein; it merely gives you the right to stop someone else from using
it. Parts of your invention may still infringe on someone else's
earlier patent. If you are merely trying to establish prior invention
in case someone else attempts to patent your idea, publication works
about as well and is a lot cheaper. Of course, owning a bunch of
patents is very useful in horse trading with other companies that may
come after you with theirs.
>> [Wouldn't all the work done on things like hashing
>> inputs in general to distil entropy, which was around
>> for years before this patent, count? --Perry]
>
>i'm sorry, but i don't agree; back then, the
>idea of "hashing various inputs" had not been
>well-justified as providing true entropy per se,
>afaik. there was a "quasi-randomness" paper by
>vazirani from around 1990, but that paper showed
>only that biased i/o-derived bits could afford
>a source of uniformly-distributed, pseudorandom
>bits, whose prediction would cost more than
>polynomial-time effort.
>
> - don davis, boston
>
Below is an excerpt from the Department of Defense "Password
Management Guideline," CSC-STD-002-85, dated 12 April 1985. (This
text is in FIPS-112 Appendix E as well.) It would seem to embody the
idea of hashing chaotic inputs to seed a PRNG. Here the hash step and
the PRNG employ the same algorithm, but I could live with that
restriction. For example, AES (or one of the AES candidates) will
serve perfectly well for both purposes.
Arnold Reinhold
======= Begin Quote=======
A.3 Pseudo-Random Number Generator
Using a random seed as input, the pseudo-random number generator that drives
a password generation algorithm should have the property that each bit in the
pseudo-random number that it generates is a complex function of all the bits
in the seed. The Federal Data Encryption Standard (DES), as specified in FIPS
46, (9) is an example of a pseudo-random number generator with this property.
If DES is used, it is suggested that the 64-bit Output Feedback (OFB) mode be
used as specified in FIPS 81 (10). In this case, the seed used as input could
consist of:
* An initialization vector
* A cryptographic key
* Plaintext
Factors that can be used as input to these parameters are:
For the initialization vector:
* System clock
* System ID
* User ID
* Date and time
For the cryptographic key:
* System interrupt registers
* System status registers
* System counters
The plaintext can be an external randomly generated 64-bit value (8
characters input by the SSO). [System Security Officer]
The resulting pseudo-random number that is output will be the 64 bits of
cipher text generated in the 64-bit OFB mode. The password generation
algorithm can either format this pseudo-random number into a password or use
it as an index (or indices) into a table and use the contents from this table
to form a password or a passphrase.
======= End Quote=======
Arnold Reinhold
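The A.3 construction quoted above, worked through as an added example; this is not code from the guideline, from FIPS 81, or from this message. It uses Go's standard-library DES and OFB mode so that the generator matches the text: a seed made of an IV, a key and an 8-byte plaintext, with the 64 bits of OFB ciphertext as the pseudo-random number, then used as indices into a table. Two things are this example's own assumptions: the listed factors (clock, IDs, registers, counters) are first folded down to 64 bits with SHA-256, which the guideline does not specify, and every seed value below is a constructed placeholder rather than a reading from a real system.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"strings"
)

// SeedInputs holds the kinds of values the guideline lists as seed material.
// Every field in ConstructedInputs below is a placeholder; a real generator
// would read them from the running system.
type SeedInputs struct {
	Clock      int64    // system clock, date and time
	SystemID   string   // system ID
	UserID     string   // user ID
	Interrupts []uint32 // system interrupt registers
	Status     []uint32 // system status registers
	Counters   []uint64 // system counters
	Plaintext  [8]byte  // external 64-bit value supplied by the SSO
}

// hash64 folds a sequence of inputs into 64 bits with SHA-256, separating
// the parts with a zero byte. The guideline only says the seed "could
// consist of" the listed factors; hashing them first is this example's choice.
func hash64(parts ...interface{}) []byte {
	h := sha256.New()
	for _, p := range parts {
		switch v := p.(type) {
		case string:
			h.Write([]byte(v))
		default:
			// integers and slices of integers are written big-endian
			_ = binary.Write(h, binary.BigEndian, v)
		}
		h.Write([]byte{0})
	}
	return h.Sum(nil)[:8]
}

// DeriveIV builds the 64-bit initialization vector from clock and IDs.
func DeriveIV(in SeedInputs) []byte {
	return hash64(in.Clock, in.SystemID, in.UserID)
}

// DeriveKey builds the 64-bit DES key from registers and counters.
func DeriveKey(in SeedInputs) []byte {
	return hash64(in.Interrupts, in.Status, in.Counters)
}

// Generate runs DES in 64-bit OFB mode over the SSO plaintext and returns
// the resulting 64 bits of ciphertext as the pseudo-random number.
func Generate(in SeedInputs) ([]byte, error) {
	block, err := des.NewCipher(DeriveKey(in))
	if err != nil {
		return nil, err
	}
	stream := cipher.NewOFB(block, DeriveIV(in))
	out := make([]byte, des.BlockSize)
	stream.XORKeyStream(out, in.Plaintext[:])
	return out, nil
}

// PasswordTable is a 64-entry alphabet. Because 256 is a multiple of 64,
// reducing each output byte modulo 64 selects entries without bias.
const PasswordTable = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

// FormatPassword uses each byte of the 64-bit output as an index into the
// table, the "index into a table" option from the last paragraph of A.3.
func FormatPassword(rnd []byte) string {
	var sb strings.Builder
	for _, b := range rnd {
		sb.WriteByte(PasswordTable[int(b)%64])
	}
	return sb.String()
}

// ConstructedInputs returns placeholder seed material for the demonstration.
func ConstructedInputs() SeedInputs {
	return SeedInputs{
		Clock:      1597190400, // constructed, not a real clock reading
		SystemID:   "host-example",
		UserID:     "alice",
		Interrupts: []uint32{0x13, 0xa0},
		Status:     []uint32{0x80000001},
		Counters:   []uint64{42, 1000003},
		Plaintext:  [8]byte{'S', 'S', 'O', ' ', 'S', 'E', 'E', 'D'}, // 8 constructed SSO characters
	}
}

func main() {
	rnd, err := Generate(ConstructedInputs())
	if err != nil {
		panic(err)
	}
	fmt.Printf("pseudo-random number: %x\npassword: %s\n", rnd, FormatPassword(rnd))
}
```

Two practical notes. First, DES's 56-bit key and 64-bit block are far below current sizes; the change Arnold suggests (AES for both the hash step and the PRNG) is a matter of swapping `des.NewCipher` for `aes.NewCipher` and widening the derived key and IV to 16 bytes, and recent Go releases mark `cipher.NewOFB` as deprecated while keeping it available. Second, the OFB keystream depends only on the key and IV, so two runs with the same registers and clock but different SSO plaintexts produce outputs whose XOR equals the XOR of the plaintexts; the entropy of the result is bounded by the entropy of the inputs actually fed to the hash, which is Don's point about hashing not manufacturing randomness on its own.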