Subject: Re: one time pad and random num gen
From: Bill Stewart (regsupport at netscape.com)
Date: Sat Oct 07 2000 - 23:58:16 CDT
- Next message: Vin McLellan: "Re: Rijndael & Hitachi"
- Previous message: Stefan Arentz: "Re: Stac Compression"
- In reply to: Enzo Michelangeli: "Re: one time pad and random num gen"
- Next in thread: E. van der Koogh: "Re: one time pad and random num gen"
- Reply: Bill Stewart: "Re: one time pad and random num gen"
At 11:02 PM 10/6/00 +0800, Enzo Michelangeli wrote:
>----- Original Message -----
>From: "Joseph Ashwood" <ashwood at msn.com>
>> I believe the point was that with a PRNG you immediately violate the
>> proof of OTP.
>
>OK, one can't use the OTP name in this case without committing the sin of
>"snake oiliness", but stream ciphers can also be useful, can't they?
Sure, they can be - but it's much harder to prove they're
secure enough, unlike an OTP, which is easy to prove secure,
just harder to use.
>> And EVERY (stream cipher useful) PRNG produces patterns, it's just a
>> matter of how long until it does. They all have limited states, when
>> those states are exhausted the state must be set to a previous visited
>> state, and a pattern will be present.
>
>But if the cycle is long enough (which is the case for PRNG's defined as
>"good"), it may not be observable in many eons. And anyway, PRNG's may be
>(and usually are) reseeded periodically with a few bits of truly random
>data, disrupting any cyclic behaviour.
Cycles aren't the only problems with PRNGs - in general, if you either
know the algorithm or are good at guessing, or can steal the key,
you can crack the thing in some finite workload, often small.
Also, there are algorithms that are non-cyclic that are still weak -
consider SKIP-First-N-Bits( N, 3.1415926535459045....) or
1234567891011121314151617181920212223.....
or C(N+1) = hash(C(N)) XOR P(N), where hash() is well-known.
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
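The last generator Bill names, C(N+1) = hash(C(N)) XOR P(N), is worth working through, because it never cycles and still fails for exactly the reason he gives: the algorithm is public. The example below is an added illustration and is not code from the original message or from any product mentioned in the thread. It assumes (these are the assumptions, not anything the thread states) that the "well-known" hash is SHA-256, that the generator's state C(N) is used directly as the keystream for block N (ciphertext block = P(N) XOR C(N)), and that the secret key is only the starting state C(0). Under those assumptions a single known plaintext block lets an attacker run the public recurrence forward and recover every later block without ever learning the key.

```python
import hashlib
import os

BLOCK = 32  # SHA-256 digest size: one keystream block per hash call


def H(block: bytes) -> bytes:
    """The 'well-known' hash from Bill's example. SHA-256 is an assumption here."""
    return hashlib.sha256(block).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def split_blocks(data: bytes) -> list[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _next_state(c: bytes, p: bytes) -> bytes:
    # C(N+1) = hash(C(N)) XOR P(N); a short final block is zero-padded to BLOCK.
    return xor(H(c), p.ljust(BLOCK, b"\0"))


def encrypt(seed: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher: keystream block N is the state C(N), C(0) = seed (the key)."""
    c = seed
    out = bytearray()
    for p in split_blocks(plaintext):
        out += xor(p, c[:len(p)])
        c = _next_state(c, p)
    return bytes(out)


def decrypt(seed: bytes, ciphertext: bytes) -> bytes:
    """The legitimate receiver: same recurrence, driven by the recovered plaintext."""
    c = seed
    out = bytearray()
    for ct in split_blocks(ciphertext):
        p = xor(ct, c[:len(ct)])
        out += p
        c = _next_state(c, p)
    return bytes(out)


def attack(ciphertext: bytes, known_first_block: bytes) -> bytes:
    """Known-plaintext attack needing no key.

    Knowing P(0) (e.g. a fixed message header) exposes C(0) = ciphertext(0) XOR P(0).
    Because hash() is public, the attacker computes C(1) = hash(C(0)) XOR P(0),
    strips it from ciphertext block 1 to get P(1), and so on to the end of the message.
    """
    blocks = split_blocks(ciphertext)
    p = known_first_block
    c = xor(blocks[0], p)            # keystream block 0 leaks under known plaintext
    recovered = bytearray(p)
    for ct in blocks[1:]:
        c = _next_state(c, p)        # attacker runs the same public recurrence
        p = xor(ct, c[:len(ct)])
        recovered += p
    return bytes(recovered)


def demo() -> bool:
    """Constructed sample: a message with a guessable 32-byte header, 3 blocks long."""
    seed = os.urandom(BLOCK)         # the only secret; never used by attack()
    plaintext = (b"Subject: one time pad and random num gen\n"
                 b"The rest of this message is supposed to be secret.")
    ct = encrypt(seed, plaintext)
    assert decrypt(seed, ct) == plaintext
    return attack(ct, plaintext[:BLOCK]) == plaintext


if __name__ == "__main__":
    print("full plaintext recovered without the key:", demo())
```

The cycle length of this generator is irrelevant to the break: the attacker never has to wait for a repeat, only to know (or guess) one block of plaintext and the hash function. That is the gap between a keystream that is merely non-repeating and the truly random, never-reused pad the OTP proof requires.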