2010/12/22 Theo de Raadt <dera...@cvs.openbsd.org>:
>> Is there any documented test for the quality of the PRNG?
>
> Are you talking about our use of MD5, or our use of RC4?

RC4.

> If you are talking about our RC4, then there is; I will put it this
> way: If our use of RC4 in this exactly-how-a-stream-cipher-works way
> is bad, then every other use on this planet of stream ciphers is bad,
> and very broken. We are relying on the base concept.

I was just asking if the implementation of the RC4-based PRNG is done correctly and if there has been a test of the quality of the PRNG output. It just looked strange to me to seed the algorithm of the PRNG with a plain time value, though it's just a few bytes at the beginning of a larger block of data. So, if you believe the implementation of the PRNG is correct, there is no need to further analyze this issue.

> The idea is that you can initialize a stream cipher with near-crap and
> it will work OK for the way we are using it.

Right.

> If the MD5 stuff we generate is crap, we are still probably more than
> OK compared to everyone because we are going further, and doing the
> slice/dice everyone-shares on the RC4 output.

I did not say that anything you generate is crap.
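The exchange turns on two different things: a documented statistical test of PRNG output, and whether seeding the generator with "a plain time value" matters. The following is an added example, not code from this thread and not OpenBSD's arc4random implementation. It keys a textbook RC4 with nothing but a 32-bit timestamp (the thread says the real seed block is larger; the timestamp is isolated here on purpose), runs the NIST SP 800-22 frequency (monobit) test on the keystream, and then recovers the seed by trying each candidate second. The seed value and the time window are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Textbook RC4 state: the 256-byte permutation plus the two indices. */
typedef struct {
    uint8_t s[256];
    uint8_t i, j;
} rc4_t;

/* Key-scheduling algorithm (KSA): permute S under the key. */
static void rc4_init(rc4_t *st, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int k = 0; k < 256; k++)
        st->s[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->s[k] + key[k % keylen]);
        uint8_t t = st->s[k]; st->s[k] = st->s[j]; st->s[j] = t;
    }
    st->i = st->j = 0;
}

/* Pseudo-random generation algorithm (PRGA): one keystream byte. */
static uint8_t rc4_byte(rc4_t *st)
{
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->s[st->i]);
    uint8_t t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
    return st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
}

/* Hypothetical weak seeding (an assumption of this example, not how the
 * thread describes the real seed block): key RC4 with a 32-bit time only. */
void keystream_from_time(uint32_t t, uint8_t *buf, size_t n)
{
    uint8_t key[4] = { (uint8_t)(t >> 24), (uint8_t)(t >> 16),
                       (uint8_t)(t >> 8),  (uint8_t)t };
    rc4_t st;
    rc4_init(&st, key, sizeof key);
    for (size_t k = 0; k < n; k++)
        buf[k] = rc4_byte(&st);
}

/* NIST SP 800-22 frequency (monobit) test in its chi-square form:
 * X = (ones - zeros)^2 / bits, one degree of freedom.
 * X < 6.635 corresponds to p >= 0.01, the usual pass threshold. */
double monobit_chi2(const uint8_t *buf, size_t n)
{
    long sum = 0;
    for (size_t k = 0; k < n; k++)
        for (int b = 0; b < 8; b++)
            sum += ((buf[k] >> b) & 1) ? 1 : -1;
    return (double)sum * (double)sum / (double)(n * 8);
}

/* What a statistical test cannot see: an observer who knows the seed was
 * a time value and roughly when the generator started tries every second
 * in [lo, hi] and compares the first keystream bytes. Returns the seed,
 * or 0 if no candidate matches. */
uint32_t recover_seed(const uint8_t *observed, size_t n, uint32_t lo, uint32_t hi)
{
    uint8_t trial[64];
    size_t m = n < sizeof trial ? n : sizeof trial;
    for (uint64_t t = lo; t <= hi; t++) {      /* 64-bit loop var: no wrap at UINT32_MAX */
        keystream_from_time((uint32_t)t, trial, m);
        if (memcmp(trial, observed, m) == 0)
            return (uint32_t)t;
    }
    return 0;
}

int main(void)
{
    /* Constructed seed: a plausible Unix timestamp for 2010-12-22. */
    const uint32_t seed = 1293024000U;
    static uint8_t ks[4096];
    keystream_from_time(seed, ks, sizeof ks);

    double x = monobit_chi2(ks, sizeof ks);
    printf("monobit chi-square over 32768 keystream bits: %.3f (%s)\n",
           x, x < 6.635 ? "pass" : "fail");

    uint32_t found = recover_seed(ks, sizeof ks, seed - 300, seed + 300);
    printf("seed recovered by trying a 10-minute window: %u (%s)\n",
           found, found == seed ? "output was predictable" : "not found");
    return 0;
}
```

The keystream passes the frequency test, which is the point Theo makes: a stream cipher keyed with poor material still produces statistically well-distributed output. The second half shows what such a test does not measure: with a seed drawn only from a timestamp, anyone who can bound the start time reproduces the stream. That unpredictability is what the larger seed block and the extra mixing on the RC4 output mentioned in the thread are there to provide, and no output-only statistical test can confirm it.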