On 08/19/2003 11:57 AM, Tim Dierks wrote:
> I'm assuming a cryptographic PRNG of the type in OpenSSL, PGP, etc.,
> where entropic seeding data is accumulated into a pool and output is
> produced by operating on the pool with a secure hash or similar
> cryptographic algorithm.

The statement contains two inequivalent ideas:
 -- some applications (OpenSSL, PGP, etc.) which imply certain requirements, and
 -- some technology for generating numbers which may or may not meet those requirements.
The mentioned technology is what I classify as a _stretched_ random symbol generator, because it outputs an entropy density greater than zero but less than 100%.
For most of the things that OpenSSL and PGP do, certainly certificate generation and almost certainly session-key generation, I would *not* recommend using a stretched random symbol generator, but rather a full-blown True Random Symbol Generator, i.e. 100% entropy density.
There are other situations (e.g. expunging a multi-gigabyte disk) where you might really need to do some stretching.
BTW I prefer to reserve the term PRNG to apply to the extreme case of zero entropy density, but there's not much to be gained by quibbling about terminology.
> Is there a definitive or highly recommended paper or book on the
> design of PRNGs?
How about this: http://www.av8n.com/turbid/
> I'm interested in whether there's a strong source on what the design
> considerations for how to process the input into the pool, mix &
> remix the pool, and generate output are.
The idea of a pool that needs mixing and remixing is not the optimal design IMHO.
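As an added illustration of the entropy-density distinction discussed above (constructed for this page; not code from the thread, from OpenSSL, PGP or turbid), here is a minimal hash-based pool that keeps an entropy budget, so the caller can see when output is at 100% density and when it is being stretched. The hash name, class and method names are assumptions.

```python
import hashlib


class EntropyPool:
    """Hash-based pool of the kind the quoted message describes: seed data is
    accumulated, output is derived with a secure hash. Constructed example.
    It tracks an entropy budget: strict mode refuses to emit more bits than
    were credited (100% density); stretched mode emits more and reports the
    resulting entropy density so the shortfall is visible, not hidden."""

    def __init__(self) -> None:
        self._pool = hashlib.sha256()
        self._credited_bits = 0.0   # entropy the caller claims to have added
        self._emitted_bits = 0      # output bits handed out so far
        self._counter = 0           # per-output counter, so each output differs

    def add_entropy(self, data: bytes, entropy_bits: float) -> None:
        # The caller must estimate entropy_bits honestly: hashing cannot create entropy.
        self._pool.update(data)
        self._credited_bits += entropy_bits

    def available_bits(self) -> float:
        return max(0.0, self._credited_bits - self._emitted_bits)

    def output(self, nbytes: int, allow_stretch: bool = False) -> bytes:
        need = 8 * nbytes
        if not allow_stretch and need > self.available_bits():
            raise RuntimeError("insufficient entropy for 100% density output")
        out = b""
        while len(out) < nbytes:
            # digest() on a hashlib object does not finalize it; updates may continue
            block = self._pool.digest() + self._counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self._counter += 1
        self._emitted_bits += need
        return out[:nbytes]

    def entropy_density(self) -> float:
        """Upper bound on entropy per output bit over everything emitted so far."""
        if self._emitted_bits == 0:
            return 1.0
        return min(1.0, self._credited_bits / self._emitted_bits)
```

With 64 bits credited, the first 8 bytes come out at density 1.0, a further strict request raises, and stretching to 16 bytes total reports density 0.5.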
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]