> Sandy Harris[SMTP:[EMAIL PROTECTED]]
> 
> Jim Choate wrote:
> 
> > > PRNG output is fixed/repeatable too - that is a property you *want*
> > > from a PRNG.
> > 
> > No it isn't. You -want- a RNG but you can't have one. Nobody -wants- a
> > PRNG, they -settle- for it. 
> 
> That is nearly true for crypto applications, but it certainly isn't for
> some others, e.g. if you're debugging simulation software, you may need
> to be able to make the PRNG produce repeatable output by giving it the
> same seed on every run.
> 
> For crypto, it is absolutely clear that you need a true RNG for some
> things, if only for seeding and re-seeding a PRNG, and that using a PRNG
> introduces one more thing that could contain dangerous weaknesses.
> 
> Given a well-designed PRNG, though, it is not clear that there's any
> real benefit to using a true RNG instead. If you're generating 128-bit
> session keys, there is no practical difference between using the true
> RNG directly and using a good PRNG with, say, 256-bit key.
> 
Here we've sort of come full circle. My first post mentioning a pi-based
PRNG was to call out Jim's nonsense.

In his post of Monday, April 22, 6:38 PM, Jim had written:
>On Mon, 22 Apr 2002, Trei, Peter wrote:

>> The defining difference between the two is that if you know the
>> algorithm and seed, the output of a PRNG can be reproduced,
>> at a different time, place, or both. There are circumstances in
>> which this is very much a desired quality.
>
>Actually you left something out, the PRNG by definition must have a
>modulus of repetition. At some point it starts the sequence over.
>
>In general, this is -never- a desired quality and is the primary
>distinction between the cost-utility of PRNG's versus RNG's.

Peter (that's me) responded on April 23, 10:29 AM
>As usual, Jim is wrong. There are deterministic systems which never
>repeat. For example, there is an algorithm which will give you the
>nth digit of pi. If I use this as my PRNG (one way I could seed it would
>be to use a key to pick a starting point) how long does Jim think it will run
>before it repeats??

>Exactly what is the Choatian definition of a PRNG which requires
>it to repeat, anyway?

-----------
My point, I hope it is clear, was to prove that there are deterministic
algorithms which do not repeat. When Jim realized what a fool
he'd made of himself, he decided to change the subject; first by
claiming this would be a pretty lousy PRNG to use for a cipher
(of course it is - my point concerned repeated sequences, not
making a good cipher), and then to blather about k-distribution
(which may be a characteristic of a good PRNG, but is irrelevant
to my point). I suspect that if Jim were correct, he might actually
have a solution to the Halting Problem.

Of particular humor is his repeated insistence that anywhere one
might use a PRNG, a RNG would be better. Jim, try implementing
SSL with a true RNG instead of RC4. The ciphertext may be quite
secure, but it's not very useful.

Peter Trei
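Worked example, added by the editor and not part of Peter Trei's post or the thread: the "algorithm which will give you the nth digit of pi" that Peter refers to is, on the editor's reading, the Bailey-Borwein-Plouffe (BBP) digit-extraction formula, which produces hexadecimal (not decimal) digits of pi at an arbitrary position without computing the earlier ones. The Python below implements BBP and wraps it as exactly the PRNG Peter describes: the seed is simply a starting offset into pi's digit string. The names `pi_hex_digit`, `hex_digits`, `keystream` and `xor_with_pi` and the `seed` parameter are the editor's own choices, not anything from the post. Double-precision floats keep the digit extraction exact for offsets up to a few million; beyond that a higher-precision arithmetic type would be needed.

```python
"""Hex digits of pi via the BBP digit-extraction formula, wrapped as a
deterministic, non-periodic (and deliberately weak) keystream generator.

pi = sum_{k>=0} 16^-k * (4/(8k+1) - 2/(8k+4) - 1/(8k+5) - 1/(8k+6))
"""

HEX = "0123456789ABCDEF"


def _frac_series(j: int, n: int) -> float:
    """Fractional part of sum_{k>=0} 16^(n-k) / (8k + j).

    Head terms (k <= n) use modular exponentiation so only the fractional
    contribution of 16^(n-k)/(8k+j) is accumulated; tail terms (k > n) are
    a fast-converging series of small floats.
    """
    total = 0.0
    for k in range(n + 1):
        denom = 8 * k + j
        total += pow(16, n - k, denom) / denom
    k = n + 1
    while True:
        term = 16.0 ** (n - k) / (8 * k + j)
        if term < 1e-17:  # below double precision; nothing left to add
            break
        total += term
        k += 1
    return total % 1.0


def pi_hex_digit(n: int) -> int:
    """n-th hexadecimal digit of pi after the point, 0-indexed.

    pi = 3.243F6A8885A308D3... so pi_hex_digit(0) == 2, pi_hex_digit(3) == 15.
    """
    x = (4 * _frac_series(1, n)
         - 2 * _frac_series(4, n)
         - _frac_series(5, n)
         - _frac_series(6, n)) % 1.0
    return int(16 * x)


def pi_digit_stream(seed: int):
    """The PRNG from the post: the seed is an offset into pi's digits.

    The same seed always yields the same digits (repeatable), and because
    pi is irrational the stream has no period at all.
    """
    n = seed
    while True:
        yield pi_hex_digit(n)
        n += 1


def hex_digits(seed: int, count: int) -> str:
    """First `count` digits of the stream started at `seed`, as hex text."""
    stream = pi_digit_stream(seed)
    return "".join(HEX[next(stream)] for _ in range(count))


def keystream(seed: int, nbytes: int) -> bytes:
    """Pack two consecutive nibbles per byte, high nibble first."""
    stream = pi_digit_stream(seed)
    return bytes((next(stream) << 4) | next(stream) for _ in range(nbytes))


def xor_with_pi(seed: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with the pi keystream at `seed`.

    Anyone who learns (or guesses) the offset regenerates the keystream,
    which is why the post concedes this is a lousy cipher despite the
    stream never repeating.
    """
    ks = keystream(seed, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    print("pi hex digits 0..15:", hex_digits(0, 16))        # 243F6A8885A308D3
    print("same seed twice:", hex_digits(1000, 8) == hex_digits(1000, 8))
    ct = xor_with_pi(42, b"constructed sample plaintext")
    print("round trip:", xor_with_pi(42, ct))
```

Two properties of the post are visible in the code: repeatability (two streams started at the same offset are identical, which is the debugging use Sandy Harris mentions) and the absence of any "modulus of repetition" (the generator just walks forward through the digits of an irrational number). Neither property makes the output unpredictable, which is a separate question from periodicity.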