Ronald L. Rivest dixit:

>I'm not sure why your proposed variation should produce
>reduced loss of entropy?

CRUSH always reduces by 128 bit, but by changing the amount of WHIP calls before a CRUSH, we shuffle things around a bit more. This matches the random skips we currently use in arc4random.

>In any case, I don't think loss of entropy is a problem. The
>key space will be much much smaller than the state space,

Not if using this as RNG, postprocessing output from something with 8192 bit of internal state, and more-or-less continuously feeding input into it. In this case, the “key” is much larger than the state.

bye,
//mirabilos
--
<igli> exceptions: a truly awful implementation of quite a nice idea.
<igli> just about the worst way you could do something like that, afaic.
<igli> it's like anti-design.
<mirabilos> that too… may I quote you on that?
<igli> sure, tho i doubt anyone will listen ;)
