Bill Stewart wrote:
By contrast, if you've got a pseudo-random number generator, which uses some mathematical process to generate the numbers, knowing bits 1...I-1 tells you something about bits I...N, so if the message has structure to it, you can often exploit it.
Isn't a good definition of a cryptographically-strong PRNG that even if you know bits 1..I-1, you still don't know anything about bit I? (Unless you know the internal state of the PRNG, of course.) A c-strong PRNG shouldn't be susceptible to any currently known analyses. Perhaps that's just a theoretical definition, and no existent PRNGs come close. But I thought some good ones were out there.

Ta, SRF

--
Steve Furlong, Computer Condottiere
Have GNU, will travel
518-374-4720 sfurlong@acmenet.net
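The property the two posts are circling is the next-bit test: from outputs 1..I-1 an attacker should learn nothing about output I. The following is an added illustration, not code from either poster, that makes the contrast concrete. It uses a toy 16-bit linear congruential generator (constructed parameters, chosen so the generator has full period) and a toy keyed construction that takes 16 bits of HMAC-SHA256 over a counter, standing in for a cryptographically strong generator. The same "predict the next output from the last three" routine is run against both: it succeeds every time on the LCG because the recurrence is linear, and essentially never on the keyed stream. The function and variable names are mine; the HMAC construction is only a stand-in, not a recommendation to build your own CSPRNG.

```python
import hashlib
import hmac
import secrets

# Toy modulus for the illustration (constructed; real generators use wider state).
M = 1 << 16
# Constructed LCG parameters with full period mod 2^16: c odd, a == 1 (mod 4).
A, C = 25173, 13849


def lcg_stream(seed, a, c, n):
    """Linear congruential generator: x_{k+1} = (a * x_k + c) mod M."""
    out = []
    x = seed % M
    for _ in range(n):
        x = (a * x + c) % M
        out.append(x)
    return out


def keyed_stream(key, n):
    """Stand-in for a cryptographically strong generator: output k is the
    low 16 bits of HMAC-SHA256(key, k). Constructed for illustration only."""
    out = []
    for k in range(n):
        tag = hmac.new(key, k.to_bytes(8, "big"), hashlib.sha256).digest()
        out.append(int.from_bytes(tag[:2], "big"))
    return out


def predict_next(outputs):
    """Treat the last three outputs as if they came from an LCG with known
    modulus M, solve for a and c, and return the predicted fourth output.
    Returns None when the linear solve is impossible (difference not
    invertible mod M)."""
    x0, x1, x2 = outputs[-3:]
    d = (x1 - x0) % M
    try:
        inv = pow(d, -1, M)
    except ValueError:
        return None
    a = ((x2 - x1) * inv) % M
    c = (x1 - a * x0) % M
    return (a * x2 + c) % M


def next_output_experiment(fresh_stream, trials):
    """Count how often predict_next() guesses output 4 from outputs 1..3.
    fresh_stream(n) must return n outputs from a freshly seeded generator."""
    hits = 0
    for _ in range(trials):
        seq = fresh_stream(4)
        if predict_next(seq[:3]) == seq[3]:
            hits += 1
    return hits


def fresh_lcg(n):
    return lcg_stream(secrets.randbelow(M), A, C, n)


def fresh_keyed(n):
    return keyed_stream(secrets.token_bytes(32), n)


if __name__ == "__main__":
    print("LCG   predicted:", next_output_experiment(fresh_lcg, 100), "/ 100")
    print("keyed predicted:", next_output_experiment(fresh_keyed, 100), "/ 100")
```

The LCG fails the next-bit test even with an unknown seed, because three outputs are enough to recover a and c and the fourth follows. For the keyed stream the predictor does no better than a random guess at a 16-bit value, which is the behaviour a cryptographically strong generator is defined to have as long as its internal state (here, the key) stays secret.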