- Path: sparky!uunet!olivea!samsung!transfer!ellisun.sw.stratus.com!cme
- From: cme@ellisun.sw.stratus.com (Carl Ellison)
- Newsgroups: sci.crypt
- Subject: Re: "random generator" passwords (was: Re: Keeping track of a lot of passwords)
- Message-ID: <5139@transfer.stratus.com>
- Date: 27 Jul 92 15:08:53 GMT
- References: <1992Jul26.072631.14847@chpc.utexas.edu> <1992Jul26.185623.10224@msuinfo.cl.msu.edu>
- Sender: usenet@transfer.stratus.com
- Organization: Stratus Computer, Software Engineering
- Lines: 16
-
- In article <1992Jul26.185623.10224@msuinfo.cl.msu.edu> mrr@scss3.cl.msu.edu (Mark Riordan) writes:
- >However, a cryptographically strong function, such as
- >DES or MD5, probably would be suitable. In fact, I wouldn't be
- >surprised if crypto-based pseudo-random number generators turned
- >in strong performances on most or all general-purpose PRNG tests.
-
- My favorite definition of a cryptographically strong PRNG holds that you
- can't predict a future bit with probability better than ((1/2)+epsilon)(*),
- knowing all bits which have already been output and having an arbitrary,
- polynomial-size machine to do the testing. Each general-purpose PRNG test
- qualifies as such a machine. So, if any PRNG fails any such test, then
- that's grounds for declaring it cryptographically weak.
-
- (*)[epsilon is, for example, o(2^(-k)) where k is a security parameter (e.g.,
- # of bits of key) under control of the user]
- (Definition from Silvio Micali -- any mangling is from my faulty memory)
-
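The next-bit definition in the post can be run as an actual test. The following is an added example, not part of the original post: it uses online Berlekamp-Massey as one polynomial-time predictor and scores its guesses against a 16-bit LFSR and against a hash-based generator of the kind suggested in the quoted text. The LFSR taps, the seed values, and the use of SHA-256 in place of DES or MD5 are assumptions made for the example.

```python
import hashlib

def lfsr_bits(state, n):
    """16-bit Fibonacci LFSR (feedback from bits 0, 2, 3, 5): a weak generator."""
    out = []
    for _ in range(n):
        out.append(state & 1)
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return out

def hash_bits(seed, n):
    """SHA-256 over seed||counter; stands in for a DES/MD5-based generator."""
    out, ctr = [], 0
    while len(out) < n:
        for byte in hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest():
            out.extend((byte >> k) & 1 for k in range(8))
        ctr += 1
    return out[:n]

def next_bit_hit_rate(bits, warmup=64):
    """Online Berlekamp-Massey as a next-bit test: guess bits[n] from bits[:n]
    using the shortest LFSR consistent with the prefix; score guesses after warmup."""
    c, b = [1], [1]          # current / previous connection polynomials over GF(2)
    L, m, hits = 0, 1, 0     # LFSR length, shift since last length change, hits
    for n, bit in enumerate(bits):
        guess = 0
        for i in range(1, L + 1):
            guess ^= c[i] & bits[n - i]
        if guess == bit:
            hits += n >= warmup
            m += 1
            continue
        prev = c[:]                              # wrong guess: repair the LFSR
        c = c + [0] * (len(b) + m - len(c))
        for i, coef in enumerate(b):
            c[i + m] ^= coef
        if 2 * L <= n:
            L, b, m = n + 1 - L, prev, 1
        else:
            m += 1
    return hits / (len(bits) - warmup)

if __name__ == "__main__":
    SEED = b"constructed sample seed"            # constructed sample values
    print("LFSR   :", next_bit_hit_rate(lfsr_bits(0xACE1, 2000)))
    print("SHA-256:", next_bit_hit_rate(hash_bits(SEED, 2000)))
```

A hit rate near 1/2 on this one test does not show a generator is strong; the definition requires that every polynomial-size test fail, so a single test can only ever prove weakness.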