John Kelsey (kelsey@plnet.net)
Wed, 15 Jul 1998 23:54:03 -0500
> From: Cicero <cicero@redneck.efga.org>
> To: Bill Stewart <bill.stewart@pobox.com>
> Cc: William H. Geiger III <whgiii@invweb.net>; CodherPlunks@toad.com
> Subject: Re: Random Data from Geiger Counter
> Date: Wednesday, July 15, 1998 2:55 PM
> >>What do you see as the problems with:
> >> 1. Hash the data
> >> 2. Encrypt the data in CBC mode with the hash as key
> >>If the hash and cipher are both strong, this should be good.
> >
> >I don't trust the latter step - you're using the encryption
> >as a hash function, which it wasn't designed for,
> >rather than using a hash function that _was_ designed for hashing.
>
> I don't think that I am using CBC as a hash in 2. I could have used
> CBC-hash for 1., and your argument might be raised there, but I
> didn't say what hash I was using in 1.
Right. I will raise one point with this scheme, though: You
actually lose a small amount of entropy here, since you can't use the
output from this to go back to the input. I don't see this as being
important with any real buffer size, but it's at least a theoretical
complaint.
> Cicero
--John Kelsey, kelsey@counterpane.com / kelsey@plnet.net
NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
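
Added example (not part of the original message or thread): a toy-scale measurement of the entropy point raised in the reply above, where the data is hashed and then CBC-encrypted under that hash. The 8-bit Feistel cipher, the zero IV, SHA-256 as the hash and the 2-byte buffer are all assumptions chosen so that every possible input can be enumerated; none of them come from the thread.

```python
import hashlib
import math
from collections import Counter

IV = 0x00  # fixed, public IV (assumption for this toy)

def round_tables(key: bytes):
    """Split the 64 nibbles of a SHA-256 digest into 4 round functions (4 bits -> 4 bits)."""
    nibbles = [n for b in key for n in (b >> 4, b & 0xF)]
    return [nibbles[i * 16:(i + 1) * 16] for i in range(4)]

def toy_encrypt_block(tables, block: int) -> int:
    """4-round Feistel permutation on one 8-bit block (toy cipher, NOT secure)."""
    left, right = block >> 4, block & 0xF
    for f in tables:
        left, right = right, left ^ f[right]
    return (left << 4) | right

def hash_then_cbc(data: bytes) -> bytes:
    """Step 1: key = hash(data). Step 2: CBC-encrypt data under that key."""
    tables = round_tables(hashlib.sha256(data).digest())
    prev, out = IV, bytearray()
    for p in data:
        prev = toy_encrypt_block(tables, p ^ prev)  # CBC chaining
        out.append(prev)
    return bytes(out)

def measure(n_bytes: int = 2):
    """Feed every possible n_bytes input once (uniform input, full entropy).

    Returns (fraction of outputs that are distinct, Shannon entropy lost in bits).
    """
    total = 256 ** n_bytes
    counts = Counter(hash_then_cbc(x.to_bytes(n_bytes, "big")) for x in range(total))
    h_out = -sum(c / total * math.log2(c / total) for c in counts.values())
    return len(counts) / total, 8 * n_bytes - h_out

if __name__ == "__main__":
    frac, loss = measure()
    print(f"distinct outputs: {frac:.1%} of inputs, entropy lost: {loss:.2f} bits")
```

Under any single fixed key the CBC step is a permutation and loses nothing; the collisions appear only because each input selects its own key, so two different inputs can land on the same output.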
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:25 ADT