At 06:05 AM 9/21/95 GMT, Phil Karlton wrote:
James A. Donald <jamesd@echeque.com> writes: Whenever you need a random number, take a one way checksum, for example MD5, of the most recently altered part of that buffer. Use that as your random number.
How is this any better than feeding the data into the MD5 hash as I go? This is not a rhetorical question.
Assuming that MD5 loses no entropy, it is identical, or very similar in strength, since in the algorithm that I described the most recently altered part of the buffer depends sensitively on all previous noise accumulated into the buffer, so if the total cumulated entropy is larger than your block size, you are OK.

However the algorithm I described simply used less computation, but the overhead of continually doing MD5 is probably modest.

No matter what you do, if you cumulate a hundred bits of entropy, and if you use a one way hash to generate random numbers so that your session keys do not leak information about your entropy, you are going to be safe against a random number generator attack.

I suggested accumulating a very large amount of entropy, but obviously this is just gilding the lily.

---------------------------------------------------------------------
| We have the right to defend ourselves   |   http://www.jim.com/jamesd/
| and our property, because of the kind   |
| of animals that we are. True law        |   James A. Donald
| derives from this right, not from the   |
| arbitrary power of the state.           |   jamesd@echeque.com
On Wed, 20 Sep 1995, James A. Donald wrote:
However the algorithm I described simply used less computation, but the overhead of continually doing MD5 is probably modest.
On a 486DX50 Solaris 2.4 I can do about 40,000 MD5s per second (if input is < 56 bytes and contiguous). With a mixing algorithm this fast, you could use it once per byte and still have an acceptable RNG. It is definitely my hash function of choice :-).

eric
--
Eric Young               | Signature removed since it was generating
AARNet: eay@mincom.oz.au | more followups than the message contents :-)
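The pool Donald describes (noise mixed into a buffer, output taken as a one-way hash of the most recently altered block so that handing out a session key does not hand out the pool state) and the per-byte mixing Young says the hash is fast enough for, as an added example that is not part of the original thread. Assumptions not in the thread: mixing is done by hash chaining so the latest block depends on every byte ever added, and an output counter is folded in so two outputs without fresh noise still differ; `hash_as_you_go` is Karlton's alternative of one running hash over all input.

```python
import hashlib


class EntropyPool:
    """Ring of hash-sized blocks; the newest block is a hash over the previous
    newest block, the block it overwrites and one byte of noise, so it depends
    on the whole history of input (hash chaining is an assumption of this
    example, not a detail from the thread). MD5 is the thread's choice; pass
    hashlib.sha256 as hash_fn for a modern hash."""

    def __init__(self, blocks: int = 4, hash_fn=hashlib.md5):
        self.hash_fn = hash_fn
        size = hash_fn().digest_size
        self.blocks = [b"\x00" * size for _ in range(blocks)]
        self.latest = 0      # index of the most recently altered block
        self.counter = 0     # output counter (assumption, see lead-in)

    def add_noise(self, data: bytes) -> None:
        # Mix one byte at a time: at tens of thousands of hashes per second
        # the per-byte cost is acceptable, which is Young's point.
        for byte in data:
            prev = self.blocks[self.latest]
            self.latest = (self.latest + 1) % len(self.blocks)
            old = self.blocks[self.latest]
            self.blocks[self.latest] = self.hash_fn(prev + old + bytes([byte])).digest()

    def get_random(self) -> bytes:
        # Donald's scheme: output = one-way hash of the most recently altered
        # block. The hash is what keeps a leaked key from revealing the pool.
        self.counter += 1
        tag = self.counter.to_bytes(8, "big")
        return self.hash_fn(b"out" + self.blocks[self.latest] + tag).digest()


def hash_as_you_go(data: bytes, hash_fn=hashlib.md5) -> bytes:
    # Karlton's alternative: feed every byte into one running hash and use
    # its digest; like the pool, the result depends on all input so far.
    h = hash_fn()
    for byte in data:
        h.update(bytes([byte]))
    return h.digest()


def early_byte_matters(noise: bytes) -> bool:
    # Both designs are functions of the full history: flipping the first byte
    # of the noise changes the output of each, which is what makes the two
    # "identical or very similar in strength" as Donald says.
    flipped = bytes([noise[0] ^ 0x01]) + noise[1:]
    a, b = EntropyPool(), EntropyPool()
    a.add_noise(noise)
    b.add_noise(flipped)
    return a.get_random() != b.get_random() and hash_as_you_go(noise) != hash_as_you_go(flipped)
```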