At 12:49 PM 04/25/2002 -0400, Trei, Peter wrote:

> Of particular humor is his repeated insistence that anywhere one
> might use a PRNG, a RNG would be better. Jim, try implementing
> SSL with a true RNG instead of RC4. The ciphertext may be quite
> secure, but it's not very useful.
I've been thinking about a somewhat different but related problem lately, which is encrypted disk drives. You could encrypt each block of the disk with a block cypher using the same key (presumably in CBC or some similar mode), but that just feels weak. So you need some kind of generator of pretty-random-looking keys so that each block of the disk gets a different key, or at the very least a different IV for each block of the disk, so in some sense that's a PRNG. (You definitely need a different key for each block if you're using RC4, but that's only usable for Write-Once media, i.e. boring.) Obviously you need repeatability, so you can't use a real random number generator. I've been thinking that Counter Mode AES sounds good, since it's easy to find the key for a specific block. Would it be good enough just to use Hash(Hash(Key, block#)) or some similar function instead of a more conventional crypto function?
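The per-block key derivation and counter-mode keystream sketched above, as an added example that is not part of the original message. It derives each block's key as PRF(master key, block number) and builds a counter-mode keystream from that key, so the same block number always reproduces the same keystream (the repeatability requirement). HMAC-SHA256 stands in for the block cipher so the code runs on the Python standard library alone; a production design would use AES-CTR in the same role. The `write_counter` argument, the `MASTER_KEY` value and the sector contents are constructed for the demonstration. The last function makes the write-once caveat concrete: rewriting a block under the same keystream leaks the XOR of the old and new contents, which is why a fixed per-block key (or RC4 with a fixed key) is only safe for media that is written once, and why a rewritable design must mix a per-write counter into the keystream and store it alongside the sector.

```python
import hashlib
import hmac

# Constructed sample master key for the demonstration (not a real key).
MASTER_KEY = bytes(range(32))
SECTOR_SIZE = 512


def block_key(master_key: bytes, block_number: int) -> bytes:
    """Derive a per-block key as PRF(master_key, block_number).

    HMAC-SHA256 is the keyed PRF here (the keyed form of the Hash(Key, block#)
    idea). It is deterministic, so the same block number always yields the
    same key, which is the repeatability an encrypted drive needs.
    """
    label = b"disk-block-key|" + block_number.to_bytes(8, "big")
    return hmac.new(master_key, label, hashlib.sha256).digest()


def keystream(key: bytes, length: int, write_counter: int) -> bytes:
    """Counter-mode keystream: PRF(key, write_counter || counter) concatenated.

    AES-CTR would feed the counter to the block cipher; HMAC-SHA256 stands in
    for the cipher so the example needs no third-party library.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = write_counter.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(master_key: bytes, block_number: int, plaintext: bytes,
                  write_counter: int = 0) -> bytes:
    """Encrypt one sector by XOR with its keystream.

    write_counter is an assumed per-write nonce; a rewritable drive would
    have to store it with the sector so reads can regenerate the keystream.
    """
    ks = keystream(block_key(master_key, block_number), len(plaintext), write_counter)
    return xor_bytes(plaintext, ks)


# Decryption is the same XOR with the same keystream.
decrypt_block = encrypt_block


def keystream_reused(ct1: bytes, ct2: bytes, pt1: bytes, pt2: bytes) -> bool:
    """True when two ciphertexts were made with the same keystream.

    Under keystream reuse, ct1 XOR ct2 equals pt1 XOR pt2, so the contents of
    a rewritten sector are no longer hidden: the write-once caveat.
    """
    return xor_bytes(ct1, ct2) == xor_bytes(pt1, pt2)


if __name__ == "__main__":
    # Constructed sector contents.
    old = b"old sector contents".ljust(SECTOR_SIZE, b"\x00")
    new = b"new sector contents".ljust(SECTOR_SIZE, b"\x00")

    ct_old = encrypt_block(MASTER_KEY, 7, old)
    print("round trip ok:", decrypt_block(MASTER_KEY, 7, ct_old) == old)
    print("blocks 0 and 1 get different keys:",
          block_key(MASTER_KEY, 0) != block_key(MASTER_KEY, 1))

    # Rewriting block 7 with the same write counter reuses the keystream.
    ct_new_same = encrypt_block(MASTER_KEY, 7, new, write_counter=0)
    print("rewrite with fixed key leaks XOR of contents:",
          keystream_reused(ct_old, ct_new_same, old, new))

    # Bumping the per-write counter gives a fresh keystream for the rewrite.
    ct_new_bumped = encrypt_block(MASTER_KEY, 7, new, write_counter=1)
    print("rewrite with bumped counter leaks XOR of contents:",
          keystream_reused(ct_old, ct_new_bumped, old, new))
```

Running the script prints True, True, True, False: the round trip and per-block key separation hold, the rewrite under a fixed per-block key exposes the XOR of old and new contents, and the rewrite under a bumped per-write counter does not.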