When is the blocking RNG called?
em at who.net
Sat Dec 2 10:25:20 CET 2000
----- Original Message -----
From: "Bodo Moeller" <bmoeller at hrzpub.tu-darmstadt.de>
To: <gnupg-devel at gnupg.org>
Sent: Saturday, December 02, 2000 6:42 AM
Subject: Re: When is the blocking RNG called?
> Enzo Michelangeli <em at who.net>:
> > I'm pretty happy with
> > PRNG for just every task, as long as two conditions be satisfied:
> > 1) It must be impossible to guess its future output without knowing its
> > (which implies: 1.1 It must be impossible to guess its internal state
from its output)
> > 2) The PRNG is initially seeded with a sufficient amount of entropy
> > In this case, the generator is as good as a true RNG.
> Wrong. This definition is met by a "PRNG" that outputs only zeros and
> never advances its internal state, as long as this internal state
> starts with sufficient seeding.
Huh? If it outputs only zeros, it's not a PRNG at all, as its future output
is totally predictable...
To put it more explicitly: 1.1 is implied by 1 AND by the fact that the
output is determined by the internal state.
More information about the Gnupg-devel