At 10:13 PM 2/17/96, maruishi@netcom.com wrote:

I think you are probably right when you say that it is not truely random. I don't think I thought about it very much, but this method does produce a kind of a pseudo random numbers.

Yes, it produces a "kind" of pseudo random number...the problem is determining which "kind" it is and whether it is sufficient for the planned use. The Netscape RNG also produced a "kind" of pseudo random number generator...but it was insufficient, as events showed.

But I think it would be really hard to simulate this method because if you send data to a network way out there in Europe then all the machines in between can cause the tranmission to slow down or spend up depending on the type of lines nad CPU load etc...

If by "simulation" you mean "prediction," I agree. I agree that predicting the next bit in a sequence might be hard. (But "hard" is a slippery term, and the history of crypto is littered with the corpses of systems that seemed to be hard but weren't.) However, even predicting the next bit with 50.0001% accuracy might be sufficient to reduce the work factor in an attack by many orders of magnitude. And some attacks might rely on the overall statistics of the bits, not just the ability to predict the nth bit. Again, there's a huge literature on this. --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."