Re: Java encryption implementation

sci.crypt archive

From: megagurka <megagurka@yahoo.com>
Date: Tue Nov 29 2005 - 15:29:09 CET

TC wrote:
> megagurka wrote:
> > TC wrote:
> > > There are several aspects of "random numbers" that are important in
> > > cryptography. One of these is randomness. (If the generator produces
> > > highly non-random results, this could help an attacker to crack it.)
> > > But another one is /unpredictability/ - a completely different thing.
> >
> > Incorrect. Randomness and unpredictability are equivalent.
>
> That would come as a surprise to the authors of RFC1750: "[traditional
> random number generator sequences] may be adequate in simulations
> (Monte Carlo experiments) [...] However, such sequences are clearly bad
> for use in security applications [because] they are fully predictable
> if the initial state is known."

All software RNGs are fully predictable if the initial state is known,
including cryptographically secure software RNGs. One difference
between a cryptographically secure RNG and a typical PRNG is that the
initial state should be hard to calculate given an output sequence.

Randomness can only be defined in relation to a specific data model. If
a sequence is unpredictable using a certain model, it's random. For
example, a cipher-based RNG is random if the cipher key is unknown, and
totally predictable (i.e. non-random) if the key is known. You seem to
define randomness as unpredictability using an order-0 model, which is
quite useless in the crypto domain.

/JN
Received on Sat Dec 3 04:20:21 2005
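
Added illustration of the distinction drawn in the post above (not part of the original thread and not written by either poster): a typical PRNG whose state can be calculated from two outputs, next to a keyed generator that is fully reproducible with the key and not without it. The names Lcg, KeyedGenerator and recover_lcg_state are hypothetical, the LCG uses the 48-bit constants documented for java.util.Random, HMAC-SHA256 over a counter stands in for the cipher-based RNG, and the sample state and keys are constructed.

```python
import hashlib
import hmac

# 48-bit LCG constants as documented for java.util.Random
MULT, ADD, MASK = 0x5DEECE66D, 0xB, (1 << 48) - 1

class Lcg:
    """Typical PRNG: linear congruential generator emitting its top 32 state bits."""
    def __init__(self, state):
        self.state = state & MASK
    def next32(self):
        self.state = (self.state * MULT + ADD) & MASK
        return self.state >> 16

def recover_lcg_state(out1, out2):
    """Return the state right after out2, given two consecutive outputs.
    Each output hides only 16 low state bits, so 65536 guesses are enough."""
    for low in range(1 << 16):
        nxt = (((out1 << 16) | low) * MULT + ADD) & MASK
        if nxt >> 16 == out2:
            return nxt
    return None

class KeyedGenerator:
    """Stand-in for a cipher-based RNG: HMAC-SHA256 of a counter under a secret key."""
    def __init__(self, key):
        self.key, self.counter = key, 0
    def next32(self):
        msg = self.counter.to_bytes(8, "big")
        self.counter += 1
        return int.from_bytes(hmac.new(self.key, msg, hashlib.sha256).digest()[:4], "big")

def take(gen, n=5):
    return [gen.next32() for _ in range(n)]

def demo():
    source = Lcg(0x123456789ABC)                  # constructed sample state
    seen = take(source, 2)                        # all an observer gets to see
    clone = Lcg(recover_lcg_state(*seen))         # state calculated from output alone
    lcg_predicted = take(clone) == take(source)
    stream = take(KeyedGenerator(b"constructed-key"))
    with_key = take(KeyedGenerator(b"constructed-key")) == stream     # key known
    without_key = take(KeyedGenerator(b"some-other-key")) == stream   # key unknown
    return lcg_predicted, with_key, without_key

if __name__ == "__main__":
    print(demo())
```

Both generators are deterministic once their state or key is known; only the LCG gives that state away through its output.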