On 18/02/12 23:05 PM, Peter Gutmann wrote:
> Morlock Elloi <[email protected]> writes:
>
>> Properly designed rngs should refuse to supply bits that have less than
>> specified (nominal) entropy. The requestor can go away or wait.
>
> So you're going to sacrifice availability for some nebulous (to the user)
> level of security. What do you think the survivability of this "feature" will
> be in the real world?
To some extent this is an argument over designs & definitions. It seems
that we've reached a sort of consensus on definitions:

    an RNG should deliver a quality of entropy, on which demand, it may
    insist "none at the moment"

    a PRNG should deliver a quantity with some hopeful quality, and
    should therefore simply deliver a steady stream regardless of its state.
    It is happy to deliver with a seed of 0.

Which latter probably implies that any PRNG is a "perfect" PRNG as per
the NIST concept of fully deterministic, fully testable, and it is up to
the User to provide the entire seed.

If the User chooses to hook her RNG output up to her PRNG input, then
that works too, but she's then in charge of both variables.
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
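The two definitions in the thread (an RNG that may answer "none at the moment", and a PRNG that always streams, even from a seed of 0) are easy to get wrong in code when a single object tries to be both. The example below is added here and is not code from either poster or from any standard library; it shows the split as two separate classes plus the "user hooks RNG output to PRNG input" wiring. The entropy-credit bookkeeping (`EntropyPool`, with caller-supplied per-sample estimates) and the simplified HMAC-based generator (`HmacDrbg`, in the spirit of NIST SP 800-90A HMAC_DRBG but without reseed counters or additional input) are the author's assumptions for illustration, and all sample inputs are constructed.

```python
import hashlib
import hmac


class NotEnoughEntropy(Exception):
    """Raised when the pool cannot honour a request at nominal quality."""


class EntropyPool:
    """RNG side of the thread's definition: output only against credited entropy.

    Callers feed raw samples together with a conservative estimate of how many
    bits of entropy each sample carries. A request for n bytes is refused
    outright (the 'none at the moment' answer) rather than served at reduced
    quality whenever fewer than 8*n bits are credited. Assumed design, not a
    standard API.
    """

    def __init__(self) -> None:
        self._pool = b""        # hashed accumulator of everything fed so far
        self._credit_bits = 0   # conservative entropy estimate still unspent

    def feed(self, sample: bytes, estimated_bits: int) -> None:
        self._pool = hashlib.sha256(self._pool + sample).digest()
        self._credit_bits += max(0, estimated_bits)

    def available_bits(self) -> int:
        return self._credit_bits

    def get(self, n: int) -> bytes:
        need = 8 * n
        if self._credit_bits < need:
            raise NotEnoughEntropy(f"need {need} bits, have {self._credit_bits}")
        self._credit_bits -= need
        out = hashlib.shake_256(b"output" + self._pool).digest(n)
        # Ratchet the pool so handed-out bytes cannot be recovered from later state.
        self._pool = hashlib.sha256(b"ratchet" + self._pool).digest()
        return out


class HmacDrbg:
    """PRNG side: fully determined by its seed, never refuses, accepts seed 0.

    Simplified HMAC_DRBG-style construction (assumption for illustration:
    no reseed counter, no additional input, SHA-256 throughout).
    """

    def __init__(self, seed: bytes) -> None:
        self._K = b"\x00" * 32
        self._V = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes) -> None:
        self._K = hmac.new(self._K, self._V + b"\x00" + data, hashlib.sha256).digest()
        self._V = hmac.new(self._K, self._V, hashlib.sha256).digest()
        if data:
            self._K = hmac.new(self._K, self._V + b"\x01" + data, hashlib.sha256).digest()
            self._V = hmac.new(self._K, self._V, hashlib.sha256).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._V = hmac.new(self._K, self._V, hashlib.sha256).digest()
            out += self._V
        self._update(b"")   # advance state so past output stays unrecoverable
        return out[:n]


def rng_refuses_when_short() -> bool:
    """Ask for 128 bits with only 40 credited: the RNG must refuse, not degrade."""
    pool = EntropyPool()
    pool.feed(b"constructed sample", estimated_bits=40)   # constructed input
    try:
        pool.get(16)
    except NotEnoughEntropy:
        return True
    return False


def prng_is_deterministic() -> bool:
    """Same seed (all zeros here) gives the same stream every time, no refusal."""
    a = HmacDrbg(b"\x00" * 32).generate(64)
    b = HmacDrbg(b"\x00" * 32).generate(64)
    return a == b and len(a) == 64


def rng_seeding_prng() -> bytes:
    """The user's wiring: credited RNG bytes become the PRNG seed."""
    pool = EntropyPool()
    for i in range(8):   # constructed: 8 samples, each credited a conservative 32 bits
        pool.feed(i.to_bytes(8, "big"), estimated_bits=32)
    seed = pool.get(32)  # 256 bits requested against exactly 256 credited
    return HmacDrbg(seed).generate(32)


if __name__ == "__main__":
    print("RNG refused short request:", rng_refuses_when_short())
    print("PRNG deterministic from seed 0:", prng_is_deterministic())
    print("PRNG output seeded from pool:", rng_seeding_prng().hex())
```

The point the code makes is that availability and quality live in different objects: `EntropyPool.get` is the only place that can say no, and once the user has chosen to seed `HmacDrbg` from it, the PRNG's output is as good as that one seed and no better, which is exactly the "she's then in charge of both variables" situation.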