On Aug 25, 2010, at 4:37 16PM, [email protected] wrote:
>
> 3) Is determinism a good idea?
> See Debian OpenSSL fiasco. I have heard Nevada gaming commission
> regulations require non-determinism for obvious reasons.
It's worth noting that the issue of determinism vs. non-determinism is by no
means clearcut. You yourself state that FIPS 140-2 requires deterministic
PRNGs; I think one can rest assured that the NSA had a lot of input into that
spec. The Clipper chip programming facility used a PRNG to set the unit key --
and for good reasons, not bad ones.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
