[11241] in cryptography@c2.net mail archive


Re: building a true RNG

daemon@ATHENA.MIT.EDU (David Honig)
Mon Jul 29 16:10:46 2002

Date: Mon, 29 Jul 2002 12:20:38 -0700
To: David Wagner <daw@cs.berkeley.edu>,
	jsd@monmouth.com (John S. Denker)
From: David Honig <dahonig@cox.net>
Cc: daw@mozart.cs.berkeley.edu (David Wagner),
	cryptography@wasabisystems.com, barney@tp.databus.com (Barney Wolff)
In-Reply-To: <200207291745.g6THjdP10410@mozart.cs.berkeley.edu>

At 10:45 AM 7/29/02 -0700, David Wagner wrote:
>On the gripping hand, I don't think this is a real issue in practice.
>SHA1 is probably good enough for all practical purposes that I can
>think of.

In software.  There are not many fast, hardware-efficient crypto hash
functions.  DES, being extremely hardware friendly, can be (ab)used to
make a strong one-way hash.  (E.g., raw input into both key and data maps
56+64 -> uniformly distributed 64 bits.)


At 03:40 PM 7/27/02 -0700, Joseph Ashwood wrote:
>So you've managed to create a true RNG, that provably generates 100% entropy
>output, that supports the speeds necessary to support the substantial
>throughput of the Sprint US backbone? (several thousand OC-11s) 

"Whether there is a need for very high bandwidth RNGs" was discussed
on cypherpunks a few months ago, and no examples were found.
(Unless you're using something like a one-time pad where you need
a random bit for every cargo bit.)  Keeping in mind that
a commercial crypto server can often accumulate entropy during
off-peak hours.  







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
