Re: Java encryption implementation

megagurka wrote:
> TC wrote:
> > There are several aspects of "random numbers" that are important in
> > cryptography. One of these is randomness. (If the generator produces
> > highly non-random results, this could help an attacker to crack it.)
> > But another one is /unpredictability/ - a completely different thing.
>
> Incorrect. Randomness and unpredictability are equivalent.

That would come as a surprise to the authors of RFC1750: "[traditional
random number generator sequences] may be adequate in simulations
(Monte Carlo experiments) [...] However, such sequences are clearly bad
for use in security applications [because] they are fully predictable
if the initial state is known."

> > Say you generate a huge number of sequential integers. That sequence of
> > integers is:
> > - randomly distributed (no integer appares more commonly than any other
> > one);
>
> Your sequence is not "randomly distributed".

Please tell me which integer in the set of integers from 1 to 1000000
exhibits a statistical bias in relation to the other integers in that
set.

> > So my generator, which I offered as an instructive joke, was only meant
> > to illustrate that randomness is /not enough/, and having a long period
> > is also /not enough/. The numbers must also be /unpreictable/ - a
> > completely different thing.
>
> Of course randomness is enough for a RNG.

So all the crypto experts here who disagree with that, are wrong?

TC
Received on Sat Dec 3 04:20:20 2005