----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Tim May" <[EMAIL PROTECTED]>; "Eugen Leitl" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, April 21, 2002 1:33 PM
Subject: CDR: Re: Two ideas for random number generation


> Why would one want to implement a PRNG in silicon, when one can
> easily implement a real RNG in silicon?

Because with a pRNG we can sometimes prove very important things, while with
an RNG we can prove very little (we can't even prove that entropy actually
exists, let alone that we can collect it).

> And if one is implementing a PRNG in software, it is trivial to
> have lots of internal state (asymptotically approaching one-time
> pad properties).

The problem is not having that much internal state, but what do you do with
it? Currently the best options on that front involve using block ciphers in
various modes; this has a rather small state, but again we can quite
often prove things about the construct.
                Joe
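Joe's point that a block-cipher-based generator has a small but analyzable state, as an added illustration that is not part of the thread: the entire state of this constructed generator is one AES key and one 128-bit counter (32 bytes), output is AES in counter mode, and the key is rotated after each request so that a later state compromise does not expose earlier output. `CtrPRNG`, `Generate` and `StateSizeBytes` are names chosen here, not a standardized DRBG.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// StateSizeBytes is the whole secret state: a 16-byte AES key plus a 16-byte counter.
const StateSizeBytes = 32

// CtrPRNG is a deterministic generator in the "block cipher in a mode" style:
// output block i is AES_key(counter + i). Security reduces to AES being a good
// pseudorandom permutation, which is exactly what lets one prove things about it.
type CtrPRNG struct {
	key [16]byte
	ctr [16]byte
}

// NewCtrPRNG seeds the generator; the seed must come from a real entropy source.
func NewCtrPRNG(seed [16]byte) *CtrPRNG { return &CtrPRNG{key: seed} }

// incr treats the counter as a big-endian 128-bit integer and adds one.
func (p *CtrPRNG) incr() {
	for i := len(p.ctr) - 1; i >= 0; i-- {
		p.ctr[i]++
		if p.ctr[i] != 0 {
			return
		}
	}
}

// Generate returns n pseudorandom bytes, then replaces the key with one extra
// (discarded) output block so earlier output cannot be recomputed from the new state.
func (p *CtrPRNG) Generate(n int) []byte {
	block, err := aes.NewCipher(p.key[:])
	if err != nil {
		panic(err) // key is always 16 bytes, so this cannot happen
	}
	out := make([]byte, 0, n+16)
	var buf [16]byte
	for len(out) < n {
		block.Encrypt(buf[:], p.ctr[:])
		p.incr()
		out = append(out, buf[:]...)
	}
	block.Encrypt(buf[:], p.ctr[:]) // rekey block, never returned to the caller
	p.incr()
	copy(p.key[:], buf[:])
	return out[:n]
}

func main() {
	seed := [16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16} // constructed seed
	g := NewCtrPRNG(seed)
	fmt.Printf("state = %d bytes, output: %s\n", StateSizeBytes, hex.EncodeToString(g.Generate(32)))
}
```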
