New PRNG method!

Adam Shostack adam at lighthouse.homeport.org
Sat Mar 2 10:06:34 PST 1996


	The fact that something is complex does not mean your end of
it can not be monitored.  You need to discover random numbers from
something very local to you, or your opponents can mess with your
numbers.  David Wagner posted something about how Mallet could muck
with your RNG if it was based on incoming packet checksums, back in
September.

	If you want good random numbers, track the mouse.  Don't go
looking outside your computer to things other computers do.

	Lastly, using collision-resistant hashing is considered
preferable to encrypting information.

Adam


Olcay Cirit wrote:

| If the internet is so huge and complex, why not, say, use
| the least significant bits of ping times from random internet
| hosts as seeds for a PRNG? (Practical Random Number Gen.)

| After all this, you could wash it with a secure symmetric
| cryptosystem such as idea in CBC mode.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
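The approach the reply argues for, local input events mixed through a collision-resistant hash rather than washed through a cipher, as an added example that is not part of the original mail. The events are constructed stand-ins for captured mouse samples, and the pool, the 32-sample minimum and the forward-roll step are this example's own design choices, not anything the post specifies.

```python
import hashlib
import struct

# Constructed stand-in for captured mouse events (timestamp_ns, x, y); a real
# collector would read them from the local input device, never from the network.
CONSTRUCTED_EVENTS = [
    (1_700_000_000_000_000_000 + i * 16_733_101 + (i * i) % 977, (i * 37) % 1280, (i * 53) % 800)
    for i in range(40)
]


class HashEntropyPool:
    """Accumulate local events into a SHA-256 pool and extract seeds from it.

    The hash does the mixing: every sample is absorbed whole, and extraction
    is one-way, so seeing an output does not reveal the pool state (the
    property an invertible cipher keyed from the same material does not give).
    """

    def __init__(self, min_samples: int = 32):
        self._pool = hashlib.sha256()
        self._samples = 0
        self.min_samples = min_samples  # refuse to emit until enough local input arrived

    def add_mouse_event(self, t_ns: int, x: int, y: int) -> None:
        # Fixed-width packing so field boundaries cannot be confused by the hash input.
        self._pool.update(struct.pack("<QHH", t_ns, x & 0xFFFF, y & 0xFFFF))
        self._samples += 1

    def ready(self) -> bool:
        return self._samples >= self.min_samples

    def extract(self, n: int) -> bytes:
        """Return n seed bytes derived from the pool, then roll the pool forward."""
        if not self.ready():
            raise RuntimeError("pool has fewer than %d samples" % self.min_samples)
        state = self._pool.digest()
        out = b"".join(
            hashlib.sha256(state + struct.pack("<I", c)).digest()
            for c in range((n + 31) // 32)
        )
        # Forward-roll: the new pool depends on the old state only through SHA-256,
        # so a leaked seed does not let anyone reconstruct earlier or later outputs.
        self._pool = hashlib.sha256(state + b"next")
        return out[:n]


def seed_from_events(events, n: int = 32) -> bytes:
    """Feed a batch of (timestamp_ns, x, y) events into a fresh pool and extract a seed."""
    pool = HashEntropyPool()
    for t_ns, x, y in events:
        pool.add_mouse_event(t_ns, x, y)
    return pool.extract(n)
```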