[11256] in cryptography@c2.net mail archive
RE: building a true RNG
daemon@ATHENA.MIT.EDU (James A. Donald)
Tue Jul 30 15:39:41 2002
From: "James A. Donald" <jamesd@echeque.com>
To: "'David Wagner'" <daw@cs.berkeley.edu>, <amir@herzberg.name>
Date: Tue, 30 Jul 2002 11:10:02 -0700
Cc: <cryptography@wasabisystems.com>
In-reply-to: <!~!AAAAAD6GhhUYBdYRjdwAAlUgiyEk8iwA@amir.herzberg.name>
--
On 30 Jul 2002 at 17:02, Amir Herzberg wrote:
> I found that when trying to explain and define hash functions
> and their properties, I didn't find a satisfactory definition
> for the `randomness` properties.
Randomness is of course indefinable. A random oracle is however
definable.
If SHA-1 is indistinguishable from a random oracle without prior
knowledge of the input, then we would like to prove that for an
attacker to make use of the loss of entropy that results from the
fact that it is not a random oracle, the attacker would need to
be able to distinguish SHA-1 from a random oracle without prior
knowledge of the input.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
CxPM+cm8zcgy+aC2EA+wlmYH4DUaMzSLmaJFJN6v
225C9EmZaK85VbOoLT5EpF24GeytUdtyW9T/FjXgw
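The entropy-loss point in the mail above, illustrated with an added example that is not part of the thread: every 16-bit input is pushed through a simulated random oracle and through SHA-1 truncated to 16 bits, and for each the fraction of the range hit and the remaining output entropy are measured. Both lose the same roughly 0.83 bits (a property of any random function), so the loss by itself gives a distinguisher nothing; the toy domain size and the truncation are assumptions made for illustration.

```python
import hashlib
import math
import random
from collections import Counter

BITS = 16  # toy size (assumption) so the whole domain of 2^16 inputs can be enumerated

def random_oracle(bits, seed=0):
    """Simulated random oracle: a lazily filled table of independent uniform outputs."""
    rng = random.Random(seed)
    table = {}
    def f(x):
        if x not in table:
            table[x] = rng.getrandbits(bits)
        return table[x]
    return f

def truncated_sha1(bits):
    """SHA-1 of the 4-byte big-endian input, truncated to its low `bits` bits."""
    mask = (1 << bits) - 1
    def f(x):
        digest = hashlib.sha1(x.to_bytes(4, "big")).digest()
        return int.from_bytes(digest, "big") & mask
    return f

def output_counts(f, bits):
    """How often each output value occurs when every bits-bit input is hashed once."""
    return Counter(f(x) for x in range(1 << bits))

def image_fraction(counts, bits):
    """Fraction of the range actually hit; a random function reaches about 1 - 1/e of it."""
    return len(counts) / (1 << bits)

def output_entropy(counts, bits):
    """Shannon entropy (in bits) of f(X) for uniform X; the drop below `bits` is the loss."""
    n = 1 << bits
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def compare(bits=BITS):
    """Return {name: (image fraction, output entropy)} for the oracle and truncated SHA-1."""
    results = {}
    for name, f in (("random_oracle", random_oracle(bits)), ("sha1", truncated_sha1(bits))):
        counts = output_counts(f, bits)
        results[name] = (image_fraction(counts, bits), output_entropy(counts, bits))
    return results

if __name__ == "__main__":
    for name, (frac, ent) in compare().items():
        print(f"{name:14s} image fraction {frac:.4f}  output entropy {ent:.3f} of {BITS} bits")
```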
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com