Matt Blaze <mab@crypto.com> wrote:

Here's my current favorite quick-and-dirty true-random-in-software generator. Use at own risk and read the comments carefully... [...] * Physically random numbers (very nearly uniform) * D. P. Mitchell * Modified by Matt Blaze 2/95 [...] * WARNING: depending on the particular platform, truerand() output may * be biased or correlated. In general, you can expect about 16 bits of * "pseudo-entropy" out of each 32 bit word returned by truerand(), * but it may not be uniformly diffused.

While this comment provides some general information, it does not give the expected entropy in the form of testable assumptions. A first step in this direction is to provide the entropy series used to arrive at the 16 bit per 32 bit word estimate. The second step, as I recommended last week (RE: RNG Resource FAQ... on 9/22), is to provide a concise argument drawn directly from the mathematical weaknesses of the entropy series. In that post, I posed the following four criteria because they address the mathematical (theoretical) weaknesses of the entropy series, while using a vocabulary that should be sensible to a rigorous designer: 1) The states exist and can be identified. 2) The number of states n is known. 3) The index value i uniquely identifies a state. 4) The function P_i is known and well-behaved. In this way, an analyst can review both the entropy series itself, and a _concise_ statement of the criteria under which the series is defined (i.e. when the 4 mathematical weaknesses have been appropriately addressed), and the argument "why" has been scrutinized against the code or proposed design. dvw