17 Dec 2003, 11:17 p.m.
On Sat, 4 Nov 1995, Bill Stewart wrote:
Most of the designs I've seen look like this:
A Reservoir of entropy R = R1....Rn, where n is large, 1024 or 4096
An input stream I = I1....Ik, which is mixed into R
A mixing function F which is used to mix R <= F(R,I) for some chunk of I, possibly empty.
A hash function H, typically MD5.
An output O = O1...Om = H(R), and E gets mixed after every output.
(These are capital-o, not zero...)
I believe PGP uses this approach. An implementation of it can also be found in Crypto++ as randpool.cpp.
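The design quoted above (reservoir R, inputs I folded in by a mixing function F, output O = H(R) with the output mixed back into the pool) as a small worked example. This is added illustration code, not the code from the post, from PGP, or from Crypto++'s randpool.cpp. The particular mixing rule in mix() is my own choice for the example, the class and method names are assumptions, and the hash defaults to SHA-256 rather than the MD5 the post mentions as typical (the caller can pick any hashlib name).

```python
import hashlib


class EntropyPool:
    """Entropy reservoir in the shape described in the thread:
    R (n bytes), inputs I mixed in by F, output O = H(R), and O is
    mixed back into R after every output."""

    def __init__(self, size=1024, hash_name="sha256"):
        # R: the reservoir; the post mentions 1024 or 4096 as typical sizes.
        self.size = size
        self.R = bytearray(size)
        # H: the output hash. Post says "typically MD5"; example defaults to SHA-256.
        self.hash_name = hash_name
        self.digest_size = hashlib.new(hash_name).digest_size
        # Rotating write position so successive inputs touch different parts of R.
        self.pos = 0

    def _h(self, *parts):
        h = hashlib.new(self.hash_name)
        for p in parts:
            h.update(p)
        return h.digest()

    def mix(self, data):
        """F: R <= F(R, I). Assumed mixing rule (example's own, not the post's):
        for each digest-sized block of I, hash the current window of R together
        with the block and the position, XOR the digest into that window, then
        advance the window. An empty I is allowed and leaves R unchanged."""
        d = self.digest_size
        for i in range(0, len(data), d):
            block = data[i:i + d]
            window = bytes(self.R[j % self.size] for j in range(self.pos, self.pos + d))
            new = self._h(window, block, self.pos.to_bytes(4, "big"))
            for k in range(d):
                self.R[(self.pos + k) % self.size] ^= new[k]
            self.pos = (self.pos + d) % self.size

    def output(self):
        """O = H(R). The output is mixed back into R before it is returned, so
        two consecutive outputs come from different reservoir states."""
        o = self._h(bytes(self.R))
        self.mix(o)
        return o


if __name__ == "__main__":
    pool = EntropyPool(size=1024)
    # Constructed sample input standing in for timing / keystroke data.
    pool.mix(b"constructed sample entropy input 0123456789")
    print(pool.output().hex())
    print(pool.output().hex())
```

The mixing rule is what makes the reservoir usable at all: with `mix()` XORing in a hash of the old window plus the new input, an input the attacker controls cannot simply overwrite R, and feeding each output back through `mix()` is what the post means by "gets mixed after every output".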