On Thu, 22 Feb 1996 11:08:37 -0500, SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu> wrote:
> What they have gained is the knowledge that their random number source isn't broken. If your RNG started spewing 0 bits by the thousand would you say "This stream is just as likely as any other stream that I can imagine so there is no problem", or "My RNG is broken". Of course, in nice mathematical abstractions your RNG never breaks, but we live in a nasty world of thermal failures and cold solder joints.
No, they really haven't. Their initial post indicated that they are throwing away some 50% of their generated sets of "random" data. This indicates either their random number generator is seriously broken, or their analysis of the numbers produced is seriously broken. Either way, they have a significant problem which they are NOT addressing. In any truly random data stream, you would expect a certain percentage of blocks to have statistics outside whatever you decide is the "typical" range. If their generator is producing significantly more or less than the expected number of "atypical" blocks, it is broken. If it is producing about the expected number of such blocks, it is likely working as designed, and such blocks are still TRULY random. In any case, throwing away some selected portion of its output is NOT an appropriate cure for a broken random number generator. The proper cure is fixing the generator. As a separate issue, if your cryptosystem has a set of "weak keys" it may make sense to screen your random numbers to prevent use of such weak keys. This, however, appears not to be what IPG is doing.
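A worked illustration of the proportion argument in the reply above, added here as example code that is not part of the thread. It uses a per-block monobit statistic, a 1000-bit block size, a two-sided 1% cutoff and a 3-sigma tolerance on the fraction of atypical blocks; all of these are assumptions, and the three sample sources are constructed.

```python
import math
import random

BLOCK_BITS = 1000   # assumed block size; the thread gives none
Z_CUT = 2.576       # two-sided 1% cutoff for a normal statistic (assumption)

def block_z(bits):
    """Monobit z-score of one block: (#ones - #zeros) / sqrt(n)."""
    ones = sum(bits)
    return (2 * ones - len(bits)) / math.sqrt(len(bits))

def blocks_of(stream, block_bits=BLOCK_BITS):
    return [stream[i:i + block_bits]
            for i in range(0, len(stream) - block_bits + 1, block_bits)]

def atypical_fraction(stream, block_bits=BLOCK_BITS, z_cut=Z_CUT):
    """Fraction of blocks outside +/- z_cut (about 1% for a good source), and block count."""
    blocks = blocks_of(stream, block_bits)
    bad = sum(1 for b in blocks if abs(block_z(b)) > z_cut)
    return bad / len(blocks), len(blocks)

def proportion_check(frac, n_blocks, p_expected=0.01, sigmas=3.0):
    """True if the observed fraction sits within `sigmas` binomial std devs of the expected one."""
    sd = math.sqrt(p_expected * (1 - p_expected) / n_blocks)
    return abs(frac - p_expected) <= sigmas * sd

def discard_atypical(stream, block_bits=BLOCK_BITS, z_cut=Z_CUT):
    """The 'cure' the reply objects to: drop every block that looks atypical."""
    kept = []
    for b in blocks_of(stream, block_bits):
        if abs(block_z(b)) <= z_cut:
            kept.extend(b)
    return kept

def make_stream(kind, n_bits, seed=1):
    """Constructed sample sources: healthy, biased (55% ones) and stuck at zero."""
    rng = random.Random(seed)
    if kind == "healthy":
        return [rng.getrandbits(1) for _ in range(n_bits)]
    if kind == "biased":
        return [1 if rng.random() < 0.55 else 0 for _ in range(n_bits)]
    return [0] * n_bits  # "spewing 0 bits by the thousand"

if __name__ == "__main__":
    n = 2000 * BLOCK_BITS
    for kind in ("healthy", "biased", "stuck"):
        frac, nb = atypical_fraction(make_stream(kind, n))
        print(f"{kind:8s} atypical={frac:.4f} ok={proportion_check(frac, nb)}")
    frac, nb = atypical_fraction(discard_atypical(make_stream("healthy", n)))
    print(f"filtered atypical={frac:.4f} ok={proportion_check(frac, nb)}")
```

The last line shows the other failure direction: filtering a healthy source leaves 0% atypical blocks, which is significantly fewer than expected, so the "cleaned" output itself fails the proportion check.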