Enzo Michelangeli (em@who.net)
Wed, 3 Feb 1999 08:02:49 +0800
If I remember well from my schooldays, however, a properly designed LCPRNG
has _provably_ good statistical characteristics: e.g., provably uniform
first-order distribution, provable stationarity, provably white spectrum
(within the range of its period) etc. Which, by the way, is another proof
of the limited comfort that statistical tests may give to someone looking
for cryptographic (P)RNGs.
Of course, the provability may not matter much in most statistical
applications, if there is strong evidence that a competing algorithm
produces consistently good data streams.
Enzo
-----Original Message-----
From: Perry E. Metzger <perry@piermont.com>
To: Bruce Schneier <schneier@counterpane.com>
Cc: jim@acm.org <jim@acm.org>; CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Wednesday, February 03, 1999 5:39 AM
Subject: Re: Selecting parameters for LCGs
>
>Bruce Schneier <schneier@counterpane.com> writes:
>> At 11:41 PM 2/1/99 -0500, Perry E. Metzger wrote:
>> >Speaking of Monte Carlo, I've been wondering for some time:
>> >
>> >Is RC4 a good PRNG for Monte Carlo types? I mean, it's a very good PRNG
>> >-- is it good enough for *non*-cryptographic use?
>>
>> I would think so. If it has problems in Monte Carlo tests, that would be a
>> VERY interesting cryptographic result.
>
>That's what I've always thought -- if there is *any* bad property from
>a Monte Carlo point of view it will be far worse from a cryptography
>point of view. HOWEVER, that seems to imply that there is no point in
>using linear congruential generators, since RC4 is trivial to code and
>use (insignificantly harder than an LCPRNG), and is far better at being
>random!
>
>Perry
>
>
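Added example, not part of the original messages: a full-period LCG whose output is exactly uniform over its period, yet whose multiplier and increment fall out of three consecutive outputs, which is the gap between statistical quality and cryptographic strength discussed above. The parameters are constructed for illustration, and the sketch assumes the observer knows the modulus and sees the full state as output.

```python
# Constructed parameters (assumption, not from the thread). They satisfy the
# Hull-Dobell conditions for m = 2**16: C is odd and A - 1 is divisible by 4,
# so the generator visits every value in [0, M) once per period.
M = 2 ** 16
A = 25173
C = 13849

def lcg(seed, a=A, c=C, m=M):
    """Yield successive states of x -> (a*x + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def chi_square_full_period(seed, buckets=256):
    """Chi-square statistic of the bucketed output over one full period."""
    counts = [0] * buckets
    gen = lcg(seed)
    for _ in range(M):
        counts[next(gen) * buckets // M] += 1
    expected = M / buckets
    return sum((n - expected) ** 2 / expected for n in counts)

def recover(x0, x1, x2, m=M):
    """Solve x2 - x1 = a*(x1 - x0) (mod m) for a, then x1 = a*x0 + c for c.

    With these parameters x1 - x0 = (a - 1)*x0 + c is always odd, hence
    invertible modulo a power of two.
    """
    a = (x2 - x1) * pow((x1 - x0) % m, -1, m) % m
    c = (x1 - a * x0) % m
    return a, c

def predict_next(observed, m=M):
    """Predict the output that follows the last three observed values."""
    x0, x1, x2 = observed[-3:]
    a, c = recover(x0, x1, x2, m)
    return (a * x2 + c) % m

if __name__ == "__main__":
    print("chi-square over full period:", chi_square_full_period(12345))
    gen = lcg(2024)
    outs = [next(gen) for _ in range(4)]
    print("recovered (a, c):", recover(*outs[:3]))
    print("predicted:", predict_next(outs[:3]), "actual:", outs[3])
```

The perfect uniformity score and the successful prediction come from the same generator, so a clean statistical test result says nothing about unpredictability.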
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:25