At 11:22 AM 4/21/02 +0200, Eugen Leitl wrote:
>I disagree here somewhat. Cryptography ttbomk doesn't have means of
>construction of provably strong PRNGs, especially scalable ones, and with
>lots of internal state (asymptotically approaching one-time pad
>properties), and those which can be mapped to silicon real estate
>efficiently both in time (few gate delays, >GBps data rates) and in space
>(the silicon real estate consumed for each bit of PRNG state).
What is a "provably strong" PRNG? Strong against what? If I'm supposed to know this, and have forgotten it, a pointer will suffice. I know what the attacks are for a crypto-strong plain-ole-analog-based-RNG. It's quite easy to generate apparently-random output (i.e., PRNGs) from block ciphers being fed, say, integers, or their own output, etc. These can be made small and fast in hardware. Large families of these can be constructed, e.g., by varying bits in Blowfish's S-tables, etc.
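The two constructions mentioned above (a block cipher fed integers, and a block cipher fed its own output), written out as an added example that is not part of the original message. It uses AES from Go's standard library rather than Blowfish; the type and function names, the key and the seed are all constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// BlockPRNG turns a block cipher into a deterministic byte generator.
// Two feeding modes are shown: the cipher is fed a running counter
// (counter mode) or its own previous output (output-feedback mode).
type BlockPRNG struct {
	block    cipher.Block
	state    []byte // current cipher input: a counter, or the last output block
	feedback bool   // true: feed the cipher its own output; false: feed a counter
	buf      []byte // unread bytes from the most recent output block
}

// NewBlockPRNG keys the cipher and sets the 128-bit state to the seed
// (seed in the low 64 bits, zeros above). AES is assumed here; any
// cipher.Block with a 16-byte block would work the same way.
func NewBlockPRNG(key []byte, seed uint64, feedback bool) (*BlockPRNG, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	state := make([]byte, block.BlockSize())
	binary.BigEndian.PutUint64(state[len(state)-8:], seed)
	return &BlockPRNG{block: block, state: state, feedback: feedback}, nil
}

// incrementBE adds one to the big-endian integer held in b, with carry.
func incrementBE(b []byte) {
	for i := len(b) - 1; i >= 0; i-- {
		b[i]++
		if b[i] != 0 {
			return
		}
	}
}

// nextBlock encrypts the current state and advances it.
func (p *BlockPRNG) nextBlock() []byte {
	out := make([]byte, p.block.BlockSize())
	p.block.Encrypt(out, p.state)
	if p.feedback {
		copy(p.state, out) // next input is this output (OFB-style)
	} else {
		incrementBE(p.state) // next input is counter+1 (CTR-style)
	}
	return out
}

// Read fills b with pseudorandom bytes; it never fails.
func (p *BlockPRNG) Read(b []byte) (int, error) {
	n := 0
	for n < len(b) {
		if len(p.buf) == 0 {
			p.buf = p.nextBlock()
		}
		k := copy(b[n:], p.buf)
		p.buf = p.buf[k:]
		n += k
	}
	return n, nil
}

// Bytes is a convenience wrapper that returns n bytes.
func (p *BlockPRNG) Bytes(n int) []byte {
	b := make([]byte, n)
	p.Read(b)
	return b
}

func main() {
	key := []byte("constructed-key!") // constructed 16-byte key, for illustration only
	ctr, _ := NewBlockPRNG(key, 1, false)
	ofb, _ := NewBlockPRNG(key, 1, true)
	fmt.Printf("counter-fed : %x\n", ctr.Bytes(32))
	fmt.Printf("output-fed  : %x\n", ofb.Bytes(32))
}
```

The counter-fed variant is the one that maps well onto hardware: every output block depends only on the key and the counter value, so blocks can be produced in parallel, and the period is a guaranteed 2^128 blocks. The output-fed variant is inherently serial and its cycle length depends on the key and the starting state. In both cases the output is only as unpredictable as the key and seed, which have to come from a real entropy source.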
