On Sunday, April 21, 2002, at 11:09 PM, Eugen Leitl wrote:

> On Sun, 21 Apr 2002 [EMAIL PROTECTED] wrote:
>
>> Why would one want to implement a PRNG in silicon, when one can
>> easily implement a real RNG in silicon?
>
> Both applications are orthogonal. PRNG != entropy.
>
>> And if one is implementing a PRNG in software, it is trivial to
>> have lots of internal state (asymptotically approaching one-time
>> pad properties).
>
> Yes, but software is too slow to be able to handle >GBit data rates.
> It's inefficient use of CPU silicon real estate.
What real-life examples can you name where Gbit rates of random digits are actually needed? Even high-bandwidth transfers of MPEGs, for example, will be done with conventional ciphers using only a tiny fraction of this bandwidth for the random number parts of the ciphers.

Speaking of real-world issues, it's been half a dozen years since Goldberg and Wagner broke the Netscape "time of day random number generator." I've heard of no serious attacks when a PRNG is used properly. Not to say it can't happen, or won't happen, or hasn't already happened.

In any case, if someone wants Gbits per second of random numbers, it'll cost 'em, as it should. Not something I think we need to worry much about.

--Tim May

"As my father told me long ago, the objective is not to convince someone with your arguments but to provide the arguments with which he later convinces himself." -- David Friedman
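The Netscape break that Tim May refers to is the clearest illustration of what "used properly" means for a PRNG: the generator itself was fine, but Goldberg and Wagner showed in 1996 that its seed was built from the time of day (plus pid and ppid), so an attacker who could bound when a connection was made could simply enumerate the seeds. The following is an added example written for this page, not code from the thread or from Netscape. It models a toy stream cipher whose keystream is the raw output of a seeded PRNG, a seed derived from seconds and microseconds only (pid/ppid are left out as a simplifying assumption), and a known-plaintext attacker who has sniffed the ciphertext, knows the protocol header that starts the plaintext, and has narrowed the microsecond field to a 40 ms window. The timestamp, the header and the message are constructed for the demo; `strong_seed` shows the contrast of seeding from the OS entropy source instead.

```python
import math
import os
import random

# Added example modelling the Netscape time-of-day seeding weakness.
# Assumption: the seed is nothing but the wall clock; the real code also
# mixed in pid and ppid, which the attack handled separately.


def keystream(seed: int, nbytes: int) -> bytes:
    """Keystream of a toy stream cipher: raw output of a seeded PRNG.
    One byte per PRNG call, so a short keystream is a prefix of a longer one."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def time_of_day_seed(seconds: int, microseconds: int) -> int:
    """Constructed weak seed: once the second is known, at most 2^20 values remain."""
    return seconds * 1_000_000 + microseconds


def strong_seed() -> int:
    """Proper seeding: 256 bits from the OS entropy source, no brute force possible."""
    return int.from_bytes(os.urandom(32), "big")


def encrypt(seed: int, plaintext: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return xor_bytes(plaintext, keystream(seed, len(plaintext)))


def recover_time_seed(known_prefix: bytes, ciphertext: bytes,
                      seconds: int, usec_lo: int, usec_hi: int):
    """Known-plaintext attack on the weak seed.

    The attacker knows the first bytes of the plaintext (a protocol header),
    the second in which the connection was made, and a bound on the
    microsecond field. Every candidate seed in that window is tried until
    the keystream it produces matches the one recovered from the header."""
    target = xor_bytes(known_prefix, ciphertext[: len(known_prefix)])
    for usec in range(max(usec_lo, 0), min(usec_hi, 1_000_000)):
        cand = time_of_day_seed(seconds, usec)
        if keystream(cand, len(target)) == target:
            return cand
    return None


def search_space_bits(candidates: int) -> float:
    """How many bits of work the brute force actually costs."""
    return math.log2(candidates)


if __name__ == "__main__":
    # Constructed timestamp and message; a 16-byte HTTP request line is the known prefix.
    seconds, usec = 1019455740, 123456
    header = b"GET / HTTP/1.0\r\n"
    message = header + b"Authorization: Basic c2VjcmV0"

    weak = time_of_day_seed(seconds, usec)
    ct = encrypt(weak, message)
    found = recover_time_seed(header, ct, seconds, usec - 20_000, usec + 20_000)
    print("weak seed recovered:", found == weak)
    print("decrypted:", encrypt(found, ct))
    print("work for the 40 ms window: %.1f bits" % search_space_bits(40_000))
    print("work for a 256-bit seed:   %.1f bits" % search_space_bits(2 ** 256))
```

The decisive quantity is the size of the seed space the attacker has to enumerate, not the quality of the generator behind it: about 15 bits of work for the time-of-day seed in a 40 ms window, versus 256 bits for a seed drawn from the OS entropy source. That is also why the thread's throughput argument is beside the point for seeding; a PRNG needs a few hundred bits of real entropy once, not gigabits per second of it.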
