When is the blocking RNG called?

Enzo Michelangeli em at who.net
Sat Dec 2 10:25:20 CET 2000


----- Original Message -----
From: "Bodo Moeller" <bmoeller at hrzpub.tu-darmstadt.de>
To: <gnupg-devel at gnupg.org>
Sent: Saturday, December 02, 2000 6:42 AM
Subject: Re: When is the blocking RNG called?


> Enzo Michelangeli <em at who.net>:
>
> > I'm pretty happy with a PRNG for just every task, as long as two
> > conditions are satisfied:
> >
> > 1) It must be impossible to guess its future output without knowing its
> > internal state (which implies: 1.1 It must be impossible to guess its
> > internal state from its output)
> > 2) The PRNG is initially seeded with a sufficient amount of entropy
> >
> > In this case, the generator is as good as a true RNG.
>
> Wrong.  This definition is met by a "PRNG" that outputs only zeros and
> never advances its internal state, as long as this internal state
> starts with sufficient seeding.

Huh? If it outputs only zeros, it's not a PRNG at all, as its future output
is totally predictable...
To put it more explicitly: 1.1 is implied by 1 AND by the fact that the
output is determined by the internal state.

Enzo

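The two conditions debated above, worked through in code. This is an added illustration, not code from the mailing-list thread or from GnuPG: a constructed toy hash-based PRNG whose output and state update are both one-way hashes of its internal state (so future output is not guessable without the state, and the state is not recoverable from the output), beside the degenerate "always zeros, never advances" generator from the quoted objection. The `predictable_from_output` check is a deliberately weak negative test: it only tries the simplest guesses an observer of past output could make, so passing it proves nothing about a good generator, but failing it shows that condition 1 is violated without any knowledge of internal state. The function and class names are assumptions made for this example.

```python
import hashlib
from typing import Callable, List

BLOCK = 32  # bytes per output block (one SHA-256 digest)


class HashPrng:
    """Constructed toy PRNG (not GnuPG's design).

    Output block   = SHA-256("out|" || state || counter)
    Next state     = SHA-256("next|" || state)

    Both steps are one-way, so observing output does not reveal the state
    (condition 1.1) and knowing only past output does not let you guess
    future output (condition 1).
    """

    def __init__(self, seed: bytes) -> None:
        # Condition 2: the seed must carry enough entropy. A real system would
        # draw it from the OS (e.g. os.urandom(32)); here the caller supplies it.
        if len(seed) < BLOCK:
            raise ValueError("seed must be at least 32 bytes")
        self.state = hashlib.sha256(b"seed|" + seed).digest()
        self.counter = 0

    def next_block(self) -> bytes:
        out = hashlib.sha256(
            b"out|" + self.state + self.counter.to_bytes(8, "big")
        ).digest()
        self.counter += 1
        # Advance the state with a one-way step so that a state compromised
        # later does not expose blocks that were already produced.
        self.state = hashlib.sha256(b"next|" + self.state).digest()
        return out


def zero_generator() -> Callable[[], bytes]:
    """The degenerate 'PRNG' from the quoted objection: it never changes
    its internal state and always emits an all-zero block."""
    return lambda: bytes(BLOCK)


def predictable_from_output(next_block: Callable[[], bytes], rounds: int = 8) -> bool:
    """Weak negative test for condition 1.

    An observer who has seen only the previous block tries the two cheapest
    guesses for the next one: the same block again, or that block plus one.
    Returns True if any guess succeeds within `rounds` draws. A generator
    that fails this is predictable without any knowledge of its state; a
    generator that passes has merely survived a trivial check.
    """
    modulus = 1 << (8 * BLOCK)
    prev = next_block()
    for _ in range(rounds):
        bumped = ((int.from_bytes(prev, "big") + 1) % modulus).to_bytes(BLOCK, "big")
        guesses = {prev, bumped}
        cur = next_block()
        if cur in guesses:
            return True
        prev = cur
    return False


def stream(seed: bytes, n: int) -> List[bytes]:
    """First n blocks for a given seed. Two instances seeded identically
    produce identical streams, which is exactly why condition 2 (enough
    entropy in the seed) is what separates a PRNG from a guessable one."""
    g = HashPrng(seed)
    return [g.next_block() for _ in range(n)]


if __name__ == "__main__":
    # Constructed seeds; a real deployment would use os.urandom(32).
    print("zeros generator predictable:", predictable_from_output(zero_generator()))
    print("hash PRNG predictable:      ", predictable_from_output(HashPrng(b"A" * 32).next_block))
    print("same seed, same stream:     ", stream(b"A" * 32, 3) == stream(b"A" * 32, 3))
    print("different seed, same stream:", stream(b"A" * 32, 3) == stream(b"B" * 32, 3))
```

The point the two sides of the thread are circling is visible here: the all-zeros generator satisfies condition 2 trivially (it can be seeded with as much entropy as you like) yet fails condition 1, because its future output is guessable from its past output alone, so the seed entropy never reaches the output. The hash construction only "inherits" the seed's entropy because each output block depends on the state through a one-way function and the state itself keeps moving.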
More information about the Gnupg-devel mailing list