rng, anyone?

Eric Hughes hughes at ah.com
Sat Apr 16 21:13:56 PDT 1994


Re: PGP simulators

>While Blum-Blum-Shub is probably the cool way to go,
>RSAREF uses repeated iterations of MD5 to generate its pseudo-randoms,
>which can be reasonably secure and use code you've probably already got
>hooks from perl for.

There is a problem with generating random numbers by repeated
iterations of a hash function when these numbers will be used to
simulate an encrypted message body.  The body can be seen to be
generated by the algorithm.  All you do is to apply MD5 to the first
block and see if it's equal to the second block.  This completely
identifies the message as a hash-chain generation, and thus as a fake
message.

Indistinguishability is a harder criterion to simulate than other
notions of randomness.

Eric
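An added example, not code from Eric's post or from RSAREF: a toy iterated-MD5 generator (assumed here as a stand-in for the RSAREF-style construction the quoted text mentions) and the check Eric describes, extended from the first pair of blocks to every consecutive pair, run against a chain-generated body and against random bytes.

```python
import hashlib

BLOCK = hashlib.md5().digest_size  # MD5 output is 16 bytes


def hash_chain_body(seed: bytes, nblocks: int) -> bytes:
    """Toy model (an assumption, not RSAREF's actual code) of a fake message
    body built by iterating MD5: every 16-byte block is MD5 of the block
    before it, starting from MD5(seed)."""
    blocks = []
    block = hashlib.md5(seed).digest()
    for _ in range(nblocks):
        blocks.append(block)
        block = hashlib.md5(block).digest()
    return b"".join(blocks)


def looks_like_hash_chain(body: bytes) -> bool:
    """Eric's distinguisher, applied to all consecutive block pairs rather
    than only the first: the body is flagged when MD5(block i) == block i+1
    throughout. A trailing partial block is ignored; with fewer than two
    full blocks the test cannot say anything and returns False."""
    usable = len(body) - len(body) % BLOCK
    blocks = [body[i:i + BLOCK] for i in range(0, usable, BLOCK)]
    if len(blocks) < 2:
        return False
    return all(hashlib.md5(a).digest() == b for a, b in zip(blocks, blocks[1:]))


if __name__ == "__main__":
    import os
    fake = hash_chain_body(b"constructed seed", 8)
    cover = os.urandom(8 * BLOCK)  # what a simulated ciphertext body should look like
    print("hash-chain body flagged:", looks_like_hash_chain(fake))   # True
    print("random body flagged:   ", looks_like_hash_chain(cover))  # False
```

A real ciphertext (or a body drawn from a generator whose output is indistinguishable from random) passes this test with probability about 2^-128 per block pair, which is why the chain structure, not the quality of MD5, is what gives the fake away.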