On Tue, 30 Jul 2002, James A. Donald wrote:
Randomness is of course indefinable. A random oracle is however
definable.
If SHA-1 is indistinguishable from a random oracle without prior
knowledge of the input, then we would like to prove that for an
attacker to make use of the loss of entropy
David Wagner [EMAIL PROTECTED] writes:
I once wrote a short note about the relevance of this to IPSec:
http://www.cs.berkeley.edu/~daw/my-posts/using-prngs
There's another way to avoid this problem, which is to separate the nonce RNG
and crypto RNG, so that an attacker seeing the nonce RNG
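The separation suggested above, as an added illustration that is not part of the thread: a master seed is split by domain separation into two independent HMAC-SHA256 streams, one for public nonces and one for keying material, so that an observer of the nonce stream (or even a leak of its state) learns nothing about the key stream. The HMAC-counter construction and the labels "nonce-rng"/"crypto-rng" are assumptions for the example, not a standardised DRBG.

```python
import hashlib
import hmac


class HmacCounterStream:
    """Minimal illustrative generator: output block i is HMAC(key, i).
    The per-stream key is never emitted, so outputs do not reveal it."""

    def __init__(self, key):
        self._key = key
        self._counter = 0

    def next_bytes(self, n):
        out = b""
        while len(out) < n:
            block = self._counter.to_bytes(8, "big")
            out += hmac.new(self._key, block, hashlib.sha256).digest()
            self._counter += 1
        return out[:n]


def split_seed(master_seed):
    """Derive two unrelated stream keys from one master seed.
    Distinct labels give domain separation: neither key is computable
    from the other without the master seed."""
    nonce_key = hmac.new(master_seed, b"nonce-rng", hashlib.sha256).digest()
    crypto_key = hmac.new(master_seed, b"crypto-rng", hashlib.sha256).digest()
    return HmacCounterStream(nonce_key), HmacCounterStream(crypto_key)


def demo(master_seed):
    """Return three public nonces and one secret key drawn from the two streams."""
    nonce_rng, key_rng = split_seed(master_seed)
    nonces = [nonce_rng.next_bytes(16) for _ in range(3)]
    session_key = key_rng.next_bytes(32)
    return nonces, session_key


if __name__ == "__main__":
    # Constructed seed for demonstration only; a real system seeds from the OS RNG.
    ns, k = demo(b"constructed-demo-seed")
    print([n.hex() for n in ns], k.hex())
```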