At 05:13 PM 10/21/02 -0400, Tyler Durden wrote:
So I guess the follow on question is: Even if you can look at the code
of a
RNG...how easy is it to determine if its output is "usefully random", or are there certain "Diffie-approved" RNGs that should always be there, and if not something's up?
Start with something analog, where no one knows the initial state perfectly, and the dynamics are dispersive (chaotic). Digitize it. You can use ping pong balls if you like. 1. Measure its entropy (eg see Shannon). Xor values together (xor doesn't generate change (variation), but preserves it). Go to 1 until you find that your measurments have asymptoted. You should then hash ('whiten') your distilled 1bit/baud values, to make it hard to go backwards throught the deterministic iterative "distilling" in the above recipe. In practice, you may feed a hashing digest function directly with your raw measurements and rely on the digest compressing the number of bits in:out to assure 1 bit/baud (even without the hash-whitening). However the output of such a hash function will be noise-like even with very low entropy input, e.g., successive integers. Ergo measuring after hashing is pointless. Discuss the results with your troopleader, and you will receive your crypto merit badge in 4-6 weeks.