James A. Donald:
> > Why would one want to implement a PRNG in silicon, when one 
> > can easily implement a real RNG in silicon?

Joseph Ashwood:
> Because with a pRNG we can sometimes prove very important 
> things, while with a RNG we can prove very little (we can't even 
> prove that entropy actually exists, let alone that we can 
> collect it).

Don't be silly.  Of course we know that entropy exists, and we can 
collect it.

If a RNG runs off Johnson noise, then the ability to predict its
output would imply the ability to violate the second law of
thermodynamics.  If it runs off shot noise, then the ability to
predict its output would disprove quantum mechanics.

James A. Donald:
> > And if one is implementing a PRNG in software, it is trivial 
> > to have lots of internal state (asymptotically approaching 
> > one-time pad properties).

Joseph Ashwood:
> The problem is not having that much internal state, but what do 
> you do with it? Currently the best options on that front involve 
> using block ciphers in various modes, but this has a rather 
> small state,

RC4 has 1684 bits of state, which should prove sufficient to 
defeat guessing.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     UNjL648yUpHHqrtSkuqM4aSqMyrvINTkUxuejUrw
     4p+eSMHddpTphVL4w7YT6QOmR7vxXiyhsQn7/QJOh
