When is the blocking RNG called?
Bodo Moeller
bmoeller at hrzpub.tu-darmstadt.de
Fri Dec 1 23:42:54 CET 2000
Enzo Michelangeli <em at who.net>:
> I'm pretty happy with a
> PRNG for just about every task, as long as two conditions are satisfied:
>
> 1) It must be impossible to guess its future output without knowing its internal state
> (which implies: 1.1 It must be impossible to guess its internal state from its output)
> 2) The PRNG is initially seeded with a sufficient amount of entropy
>
> In this case, the generator is as good as a true RNG.
Wrong. This definition is met by a "PRNG" that outputs only zeros and
never advances its internal state, as long as this internal state
starts with sufficient seeding.
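Added illustration, not part of the original thread: a degenerate generator of the kind the reply describes next to a state-advancing SHA-256 counter construction (a constructed contrast, not GnuPG's generator), plus two checks that show the quoted conditions cannot tell them apart while a trivial predictor can.

```python
import hashlib

class ZeroGenerator:
    """Degenerate "PRNG" of the kind the reply describes: it is seeded, its
    output reveals nothing about the internal state, and the state never
    advances.  Constructed for illustration only."""

    def __init__(self, seed: bytes):
        self.state = seed  # kept secret, but never used or changed

    def next_byte(self) -> int:
        return 0

class HashGenerator:
    """Minimal counter-mode contrast: SHA-256 over a secret seed and a
    counter that advances every block.  Constructed example, not a vetted
    DRBG and not GnuPG's generator."""

    def __init__(self, seed: bytes):
        self.seed, self.counter, self.buf = seed, 0, b""

    def next_byte(self) -> int:
        if not self.buf:
            block = self.seed + self.counter.to_bytes(8, "big")
            self.buf = hashlib.sha256(block).digest()
            self.counter += 1  # the state advances on every block
        b, self.buf = self.buf[0], self.buf[1:]
        return b

def output_independent_of_state(gen_cls, seed_a: bytes, seed_b: bytes, n: int = 64) -> bool:
    """True when two different seeds yield identical output, i.e. the output
    carries no information about the state (condition 1.1 holds vacuously)."""
    ga, gb = gen_cls(seed_a), gen_cls(seed_b)
    return all(ga.next_byte() == gb.next_byte() for _ in range(n))

def predictor_hit_rate(gen, samples: int = 4096) -> float:
    """Adversary who never learns the state but sees every earlier output and
    guesses 'same byte as last time' (0 before any output).  Returns the
    fraction of correct guesses; a true RNG would allow about 1/256."""
    hits, prev = 0, 0
    for _ in range(samples):
        out = gen.next_byte()
        hits += out == prev
        prev = out
    return hits / samples
```

Both generators pass the "output reveals nothing about the state" check in the trivial sense only for the zero generator, yet the predictor guesses every one of its outputs, which is the gap in the quoted definition.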
More information about the Gnupg-devel mailing list