----- Original Message -----
From: "Wei Dai" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 10, 2003 6:03 PM
Subject: Re: Washing the X917C generator

| On Mon, Mar 10, 2003 at 04:59:53PM -0500, Walton, Jeffrey wrote:
| > This is a general question. PGP provides a prewash of material using MD5
| > (and they also use IDEA instead of 3DES) (I think the reference I have is
| > correct). Looking at the source for AutoSeededX917RNG, I think a prewash
| > should be fairly simple.
| >
| > 1) Is it desirable (or needed)?
|
| No it's not needed. The random numbers provided by the operating system
| have already been "washed" by the OS usually with SHA1.

Hi Wei,

This begs the question: if it is not required because the OS performs the prewash, how about IVs passed into wrappers that allow 'Seed' functions when there is no OS washing? For example, pre NT 4.0 and pre Win95 OSR2?

Suppose I extend Crypto++ class X917RNG. Would it be advisable to prewash the seed? I tend to feel others (and myself at times) will incorrectly use the Crypto++ library. A permutation would make me feel better (though I think it makes no difference at all to some attackers (re: NSA)).

On the other hand, suppose a programmer had access to a true random source. In this case, not implementing a 'Seeding' function would be a hindrance. So extending X917RNG would make sense.

I still feel betrayed by the infamous NSA_KEY in advapi32.dll. I can't say I trust Microsoft.

Jeff
[EMAIL PROTECTED]
