Intel Security processor + a question

Major Variola (ret) mv at
Mon Oct 21 17:48:56 PDT 2002

At 05:13 PM 10/21/02 -0400, Tyler Durden wrote:
>So I guess the follow on question is: Even if you can look at the code
of a
> easy is it to determine if its output is "usefully random",
or are
>there certain "Diffie-approved" RNGs that should always be there, and
if not
>something's up?

Start with something analog, where no one knows the initial state
perfectly, and the dynamics are dispersive (chaotic).  Digitize it.
You can use ping pong balls if you like.

1. Measure its entropy (eg see Shannon).  Xor values together
(xor doesn't generate change (variation), but preserves it).
Go to 1 until you find that your measurments have asymptoted.

You should then hash ('whiten') your distilled 1bit/baud values,
to make it hard to go backwards throught the deterministic iterative
"distilling" in the above recipe.

In practice, you may feed a hashing digest function directly with your
measurements and rely on the digest compressing the number of bits
to assure 1 bit/baud (even without the hash-whitening).

However the output of such a hash function will be noise-like even with
very low entropy input, e.g., successive integers.  Ergo measuring after

hashing is pointless.

Discuss the results with your troopleader, and you will receive your
crypto merit badge in 4-6 weeks.

More information about the cypherpunks-legacy mailing list