[4089] in cryptography@c2.net mail archive


Re: Intel announcements at RSA '99

daemon@ATHENA.MIT.EDU (Donald E. Eastlake 3rd)
Thu Jan 28 16:55:44 1999

To: cryptography@c2.net
In-reply-to: Your message of "Thu, 28 Jan 1999 13:13:10 EST."
             <Pine.LNX.4.05.9901281303300.7541-100000@darwin.adni.net> 
Date: Thu, 28 Jan 1999 16:45:32 -0500
From: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>

See RFC 1750.  If a bit stream has "simple" color, such as a simple
bias towards 1 or 0, you just use successive (non-overlapping) pairs
of bits, ignore 00 and 11, and map 01 and 10 into 1 and 0.  But hash
functions are more efficient at extracting available entropy.

Donald
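The pair-discarding step described above (the RFC 1750 / von Neumann debiaser) and the efficiency comparison with hash-based extraction, worked through as an added example. This is editor-supplied code, not code from the post or from RFC 1750. It assumes a constructed biased source with P(1) = 0.7, a constructed correlated source that is unbiased on average but repeats the previous bit with probability 0.8, and a simplified hash-conditioning model that feeds SHA-256 with ceil(256 / H_min) input bits per 256-bit output (real conditioners add a safety margin). The yield figures it computes follow from those assumptions only.

```python
import hashlib
import math
import random


def von_neumann_debias(bits):
    """Non-overlapping pairs: drop 00 and 11, map 01 -> 1 and 10 -> 0 (mapping as in the post)."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(1 if (a, b) == (0, 1) else 0)
    return out


def biased_source(n, p_one, seed=1):
    """Constructed sample: independent bits with P(1) = p_one, i.e. 'simple' bias."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def correlated_source(n, p_repeat, seed=1):
    """Constructed sample: P(1) = 0.5 overall, but each bit repeats its predecessor
    with probability p_repeat. This is not 'simple' color."""
    rng = random.Random(seed)
    bits = [rng.randrange(2)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_repeat else 1 - bits[-1])
    return bits


def fraction_ones(bits):
    return sum(bits) / len(bits)


def lag1_correlation(bits):
    """Pearson correlation between each bit and the next one; ~0 for independent bits."""
    x, y = bits[:-1], bits[1:]
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(vx * vy)


def min_entropy_per_bit(p_one):
    """Min-entropy of one independent bit with P(1) = p_one: -log2 of the likelier value."""
    return -math.log2(max(p_one, 1 - p_one))


def expected_yields(p_one, out_bits=256):
    """Output bits per input bit for an independent source with P(1) = p_one.
    Von Neumann keeps a pair with probability 2p(1-p) and emits one bit per kept pair,
    so p(1-p) per input bit. Hash conditioning (assumed model) emits out_bits per
    ceil(out_bits / H_min) input bits."""
    vn = p_one * (1 - p_one)
    hashed = out_bits / math.ceil(out_bits / min_entropy_per_bit(p_one))
    return vn, hashed


def hash_extract(bits, entropy_per_bit, out_bits=256):
    """Assumed conditioning model: consume enough input bits to carry out_bits of
    min-entropy, hash each such chunk with SHA-256, concatenate the digests."""
    needed = math.ceil(out_bits / entropy_per_bit)
    out = []
    for i in range(0, len(bits) - needed + 1, needed):
        chunk = bytes(bits[i:i + needed])  # one byte per bit; adequate for illustration
        out.append(hashlib.sha256(chunk).digest())
    return b"".join(out)


def ones_fraction_of_bytes(data):
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


if __name__ == "__main__":
    src = biased_source(200_000, 0.7)
    deb = von_neumann_debias(src)
    print("biased input: P(1) = %.3f, debiased output: P(1) = %.3f, yield %.3f bits/bit"
          % (fraction_ones(src), fraction_ones(deb), len(deb) / len(src)))
    vn, hashed = expected_yields(0.7)
    print("expected yield: von Neumann %.3f, hash conditioning %.3f bits/bit" % (vn, hashed))
    cor = correlated_source(200_000, 0.8)
    deb2 = von_neumann_debias(cor)
    print("correlated input: lag-1 corr %.2f -> after von Neumann: P(1) = %.3f, lag-1 corr %.2f"
          % (lag1_correlation(cor), fraction_ones(deb2), lag1_correlation(deb2)))
```

The first run shows the technique doing exactly what the post says: a 70/30 source comes out balanced, at the cost of keeping only about a fifth of the input bits, whereas hashing the same stream yields roughly half a bit of output per input bit, which is the efficiency argument for hash-based extraction. The second run is the caveat implied by "simple" color: when the bits are correlated rather than merely biased, the debiased output is still balanced on average but its successive bits remain noticeably correlated, so the pair trick alone is not whitening in the general case.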

From:  "David R. Conrad" <drc@adni.net>
Date:  Thu, 28 Jan 1999 13:13:10 -0500 (EST)
To:  "Arnold G. Reinhold" <reinhold@world.std.com>
Cc:  cryptography@c2.net
In-Reply-To:  <v03130304b2d3ea6bd25b@[24.128.119.92]>
Message-ID:  <Pine.LNX.4.05.9901281303300.7541-100000@darwin.adni.net>
Content-Type:  TEXT/PLAIN; charset=US-ASCII
Sender:  owner-cryptography@c2.net
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Tue, 26 Jan 1999, Arnold G. Reinhold wrote:
>
>> I do not agree, however, that 1 bit per second would be fast enough. I am
>> not sure what you mean by " Anything more can be generated by cryptographic
>> means," but I want a reliable source of entropy that is independent of the
>> many unproven mathematical assumptions underlying cryptography.  Also we
>> should not assume that we foresee all possible uses for this source of
>> randomness. For example, people doing analysis using Monte Carlo methods
>> might have use for a fast source of near-random bits that could be easily
>> whitened in software.
>
>People doing Monte Carlo methods would be more than adequately served by
>using the kind of PRNGs they currently use, seeded by 32 or 64 truly
>random bits from this thing, no?
>
>People doing serious cryptography also need small chunks of bits --
>perhaps a random 64-bit IV, maybe a 112- or 128- or 160- or 192-bit random
>session key, or a random starting point to look for some big primes.
>
>A driver Yarrowing[1] bits from this true RNG at 1/s, running on a system
>with, say, a 30 day uptime, would have collected 2,592,000 bits of entropy
>over its lifetime.  (From the chip, assuming it gets a bit each second.
>It may not get every bit the chip has available, but it would certainly
>get some entropy from other places as well.)
>
>Perhaps you don't want to trust any software at all.  But surely you
>intend to do some whitening of the underlying bitstream?  In part of your
>message which I cut you clearly foresaw that the bitstream wouldn't have a
>flat distribution of 0s and 1s, which means it needs some whitening.
>Using SHA-1, perhaps?  But now we're back to the "many unproven
>mathematical assumptions underlying cryptography".
>
>[1] You can verb any word in the English language.  :-)
>
>David R. Conrad <drc@adni.net>
>This is why I love America -- that any kid can dream "I'm going to get
>naked with the President" ... and that dream can actually come true.
>What a great country!  -- Michael Moore
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 5.0i for non-commercial use
>Charset: noconv
>
>iQA/AwUBNrCo0IPOYu8Zk+GuEQI/ugCdEQr5booqaZJ3yrYWnDzBK4ARPVAAoMy8
>Bje/THja+sKG6sY0wlEo3mu1
>=CWku
>-----END PGP SIGNATURE-----