One thing I haven't seen from a PRNG or HWRNG library or device is an unpredictable sequence which does not repeat; in other words, a [cryptographically strong?] permutation. This could be useful in all sorts of places in the kernel and elsewhere to prevent replay (for example, in DNS ID #s, in challenge-response protocols, for IVs where you must never repeat an IV, etc.) From what I can tell the common practice is to pick a value at random, and hope that you don't get a collision, but this has the problem of the birthday paradox.

The questions I have for you are: 1) What form should the API for this take? I was thinking that there could be a create new sequence" operation, and the system could return an opaque value to the client to store for its next value, and the "get next" operator could take it as an input, freeing the PRNG from having to remember state for every stream. 2) While CTR mode with a random key is sufficient for creating a permutation of N-bit blocks for a fixed N, is there a general-purpose way to create a N-bit permutation, where N is a variable? How about picking a cryptographically strong permutation on N elements, where N is not necessarily a power of 2? 3) Is there any point in offering a permutation generator that is not cryptographically strong? -- http://www.lightconsulting.com/~travis/ -><- P=NP if (P=0 or N=1) "My love for mathematics is unto 1/x as x approaches 0." GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]