[11240] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: building a true RNG

daemon@ATHENA.MIT.EDU (David Wagner)
Mon Jul 29 16:09:12 2002

X-Envelope-To: cryptography@wasabisystems.com
To: cryptography@wasabisystems.com
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 29 Jul 2002 18:30:38 GMT
X-Complaints-To: news@abraham.cs.berkeley.edu

Sandy Harris wrote:
>I think the interesting question is whether, for M-bit hash inputs,
>and an N-bit hash, with a lower bound Q on entropy per input batch,
>so M > Q > N, we can show, as I think Denker is claiming to have done,
>that the entropy of hash(M) must be > N - epsilon, for some epsilon
>small enough to ignore.

The result you want should follow in the random oracle model.  (Of course,
there is no proof that SHA1 is well-approximated by the random oracle
model, though it is a common assumption.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
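Wagner's one-line answer can be checked concretely on toy parameters. The following Python is an added illustration, not code from the original post or from anything Harris or Denker wrote. It models H as a random oracle (a fresh uniformly random function, tabulated lazily), draws the input from a source with exactly Q bits of min-entropy (uniform over a random subset of 2^Q of the 2^M inputs, an assumption chosen here because it is the worst case for a given Q), enumerates the distribution of H(X) exactly, and compares its Shannon and collision entropy with the bound the random-oracle argument gives: Pr[H(X)=H(X')] <= 2^-Q + 2^-N over the choice of H, so the collision entropy of H(X) is at least -log2(2^-Q + 2^-N), which for Q > N is N - log2(1 + 2^(N-Q)). The sizes M=12, N=4, Q=8 are toy values so everything can be enumerated; the function and variable names are mine.

```python
"""Random-oracle sanity check for "entropy of hash(M) > N - epsilon".

Added illustration, not code from the original post.  Model:
  * H is a random oracle {0,1}^M -> {0,1}^N: a uniformly random function,
    built here as a lazily filled lookup table;
  * the input X has min-entropy exactly Q: uniform over a random subset of
    2**Q of the 2**M inputs (assumed here as the worst case for a given Q);
  * the distribution of H(X) is enumerated exactly and its Shannon and
    collision (Renyi-2) entropy are measured.
Toy sizes M=12, N=4, Q=8 keep the enumeration exact and fast.
"""
import math
import random
from collections import Counter


def random_oracle(n_bits, rng):
    """Return a function behaving as a uniformly random map into n_bits-bit
    strings: each new input gets an independent uniform output, memoised."""
    table = {}

    def h(x):
        if x not in table:
            table[x] = rng.getrandbits(n_bits)
        return table[x]

    return h


def shannon_entropy(dist):
    """Shannon entropy in bits of a {value: probability} distribution."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def collision_entropy(dist):
    """Renyi-2 entropy in bits: -log2 Pr[two independent draws collide].
    Always <= Shannon entropy and >= min-entropy, so it is the conservative one."""
    return -math.log2(sum(p * p for p in dist.values()))


def hashed_source_distribution(m_bits, n_bits, q_bits, seed):
    """Exact distribution of H(X) for one random oracle H and one source X
    of min-entropy q_bits (uniform over 2**q_bits of the 2**m_bits inputs)."""
    rng = random.Random(seed)
    h = random_oracle(n_bits, rng)
    support = rng.sample(range(1 << m_bits), 1 << q_bits)
    counts = Counter(h(x) for x in support)
    return {y: c / len(support) for y, c in counts.items()}


def entropy_of_hashed_source(m_bits, n_bits, q_bits, seed=0):
    """(Shannon, collision) entropy in bits of the hash output."""
    dist = hashed_source_distribution(m_bits, n_bits, q_bits, seed)
    return shannon_entropy(dist), collision_entropy(dist)


def rom_collision_entropy_bound(n_bits, q_bits):
    """Random-oracle bound, averaged over the choice of H.

    For two independent draws X, X' of the source,
        Pr[H(X) = H(X')] = Pr[X = X'] + Pr[X != X'] * 2**-N
                         <= 2**-Q + 2**-N,
    so the collision entropy of H(X) is at least
        -log2(2**-Q + 2**-N) = N - log2(1 + 2**(N-Q))   (for Q > N),
    i.e. N minus an epsilon of about 1.44 * 2**(N-Q) bits.  For Q < N the
    same formula gives Q - log2(1 + 2**(Q-N)): hashing cannot add entropy.
    """
    return -math.log2(2.0 ** -q_bits + 2.0 ** -n_bits)


def average_collision_entropy(m_bits, n_bits, q_bits, trials):
    """Mean collision entropy over many independent oracles/sources; by
    Jensen's inequality its expectation is >= rom_collision_entropy_bound."""
    total = 0.0
    for seed in range(trials):
        total += entropy_of_hashed_source(m_bits, n_bits, q_bits, seed)[1]
    return total / trials


if __name__ == "__main__":
    M, N = 12, 4
    for Q in (2, 8):
        h1, h2 = entropy_of_hashed_source(M, N, Q, seed=1)
        print(f"M={M} N={N} Q={Q}: Shannon={h1:.3f} collision={h2:.3f} "
              f"ROM bound={rom_collision_entropy_bound(N, Q):.3f} bits")
    print("mean collision entropy over 400 oracles (Q=8): "
          f"{average_collision_entropy(M, N, 8, 400):.4f}")
```

With Q=8 > N=4 the bound is 4 - log2(1 + 2^-4), about 3.91 bits, and the measured output entropy sits at or above it up to sampling noise in the choice of H; with Q=2 < N the output has at most four distinct values, so no more than 2 bits, whatever the hash does. Scaled to the sizes in the thread, epsilon = log2(1 + 2^(N-Q)) is about 1.44 * 2^(N-Q): for a 160-bit hash fed batches carrying 224 bits of entropy that is on the order of 2^-64 bits, which is "small enough to ignore" in Harris's sense. The caveat stays exactly as Wagner states it: the argument, and this simulation, are about a random oracle; they say nothing about whether SHA1 behaves like one.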
