Re: DIGEST-MD5 and {nonce,cnonce}
On Mon, 25 Oct 1999, Ed Carp wrote:
> > At 12:32 PM 10/25/99 -0700, Kurt D. Zeilenga wrote:
> > >Rand(3) provides a sequence of pseudo-random numbers. The
> > >amount of entropy in these numbers cannot be greater than
> > >the seed used to determine the sequence.
> >
> > Poor wording: The amount of entropy in the series of numbers
> > cannot be greater than the seed used to determine the
> > sequence. That is, the numbers in the series are not independent.
>
> Even given different seeds? If so, it's a piss-poor even "pseudo-" random
> generator.
- It's meant for simulating things like die tossing, not for
cryptography. Generating "truly" random numbers is a very difficult
problem.
>I can do better than that typing blind at the keyboard.
>
- Yes, that's entirely the point.
> That would also throw out the idea of feeding the output of rand() to MD5.
- Very wise. If you're really interested in the whys and wherefores
of how to generate entropy, I suggest you read Bruce Schneier's
Applied Cryptography.
- Generally, any scheme that uses a PRNG to produce suitable
entropy is highly suspect (even if you only use it as an index
into other data).
- Booker C. Bense
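The point made in this thread, as an added example that is not code from the thread or from any DIGEST-MD5 implementation: a nonce built from rand(3) carries no more entropy than the seed, so an attacker who can guess the seed (here assumed to be a 32-bit clock value) simply replays the generator. The function names weak_nonce, recover_seed and strong_nonce, the seed values and the search window are constructed for the illustration; /dev/urandom is assumed as the system entropy source.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NONCE_WORDS 4

/* Hypothetical "nonce generator" of the kind the thread warns against:
 * rand(3) seeded with a 32-bit value such as the clock.  Every word of
 * the nonce is a function of that one seed, so the nonce never carries
 * more than 32 bits of entropy, however many words it has. */
void weak_nonce(uint32_t seed, uint32_t out[NONCE_WORDS])
{
    srand(seed);
    for (int i = 0; i < NONCE_WORDS; i++)
        out[i] = (uint32_t)rand();
}

/* Attacker side: given an observed nonce and a guess of the seed
 * (e.g. the server's clock) accurate to +/- window seconds, replay
 * the generator for every candidate seed.  Feeding the rand() output
 * through MD5 would not change this loop at all; the attacker would
 * just hash each candidate before comparing.  Returns 1 if found. */
int recover_seed(const uint32_t nonce[NONCE_WORDS], uint32_t approx,
                 uint32_t window, uint32_t *found)
{
    uint32_t cand[NONCE_WORDS];
    uint64_t lo = approx > window ? (uint64_t)approx - window : 0;
    uint64_t hi = (uint64_t)approx + window;
    if (hi > UINT32_MAX)
        hi = UINT32_MAX;

    for (uint64_t s = lo; s <= hi; s++) {
        weak_nonce((uint32_t)s, cand);
        if (memcmp(cand, nonce, sizeof cand) == 0) {
            *found = (uint32_t)s;
            return 1;
        }
    }
    return 0;
}

/* Fixed version: take the nonce bytes from the kernel's entropy pool
 * instead of deriving them from a seed.  /dev/urandom is assumed here
 * (Linux/BSD); on other platforms use the platform CSPRNG.
 * Returns 0 on success, -1 if the device cannot be read. */
int strong_nonce(uint32_t out[NONCE_WORDS])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, sizeof out[0], NONCE_WORDS, f);
    fclose(f);
    return got == NONCE_WORDS ? 0 : -1;
}

int main(void)
{
    uint32_t nonce[NONCE_WORDS], seed = 0;

    /* Constructed scenario: server seeded rand() with 1000000, the
     * attacker's clock estimate is off by 50 seconds and it searches
     * +/- 100 seconds, i.e. 201 candidate seeds instead of 2^128. */
    weak_nonce(1000000u, nonce);
    if (recover_seed(nonce, 1000050u, 100u, &seed))
        printf("weak nonce: seed recovered = %u\n", seed);

    if (strong_nonce(nonce) == 0)
        printf("strong nonce: %08x%08x%08x%08x\n",
               nonce[0], nonce[1], nonce[2], nonce[3]);
    return 0;
}
```

The search cost is set by the seed space, not by the length of the nonce or by any hash applied afterwards, which is why hashing rand() output with MD5 adds nothing; a nonce read from the system CSPRNG has no seed for the attacker to guess.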