bram (bram@gawth.com)
Thu, 6 Aug 1998 12:38:43 -0700 (PDT)
On Wed, 5 Aug 1998, Michael Paul Johnson wrote:
> you could just use a good mixer, like a CRC or non-cryptographic hash to
> whiten the noise if speed is an issue. As long as you restrict the
> output bit rate to less than the actual estimated entropy of the source,
> you should be alright, provided that your noise source is as random as
> you think it is.
>
> Then again, the truly paranoid may beg to differ.
The attack model for cryptographic applications is a bit different - you
generally want to limit the amount of damage an attacker can do by reading
some of the input or inducing some of the input, so hashing is essential.
That said, it doesn't hurt to use good mixing to increase your random
noise to 1 bit of entropy per bit before sending it into a
cryptographically secure PRNG; in fact, it's probably a good idea, since
cryptographic PRNGs tend to be based on relatively slow things like SHA-1.
-Bram
(I'm not actually truly paranoid, but know how to act that way.)
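The two-stage design discussed in this exchange (a fast mixing stage that releases no more output bits than the source's estimated entropy, feeding a slower hash-based PRNG), as an added example that is not part of the original thread. The entropy-per-byte figure, the 256-bit release threshold and the HMAC ratchet are assumptions chosen for illustration; the generator is a simplified construction, not a standards DRBG.

```python
import hashlib
import hmac
from typing import Optional


class EntropyConditioner:
    """Whitening stage: accumulate raw noise, credit each byte with a
    conservative entropy estimate, and release output only once the
    credited entropy covers a full block.  A cryptographic hash is used
    instead of a CRC so that an attacker who reads or induces part of the
    raw input learns nothing about the rest of the pool."""

    def __init__(self, entropy_bits_per_byte: float, block_bits: int = 256):
        assert 0 < entropy_bits_per_byte <= 8
        self.rate = entropy_bits_per_byte      # assumed estimate per raw byte
        self.block_bits = block_bits
        self.pool = hashlib.sha256()
        self.credit = 0.0                      # entropy bits earned so far

    def add_noise(self, raw: bytes) -> None:
        self.pool.update(raw)
        self.credit += len(raw) * self.rate

    def available_bits(self) -> int:
        return int(self.credit)

    def extract(self) -> Optional[bytes]:
        """Return one block of whitened output, or None if not yet earned."""
        if self.credit < self.block_bits:
            return None
        digest = self.pool.digest()
        self.credit -= self.block_bits
        # Carry the pool state forward so later blocks still depend on all
        # input seen so far, but never re-emit the digest just released.
        self.pool = hashlib.sha256(digest + b"\x01")
        return digest


class HashPRNG:
    """Slow cryptographic stage: an HMAC-SHA256 counter generator with a
    key ratchet so earlier output cannot be recomputed from later state."""

    def __init__(self, seed: bytes):
        self.key = seed
        self.counter = 0

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]
```

With a source credited at 2 bits per byte, 100 bytes of noise earn only 200 bits, so `extract()` refuses to release a 256-bit block until 28 more bytes arrive.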