At 12:49 PM 04/25/2002 -0400, Trei, Peter wrote:
>Of particular humor is his repeated insistence that anywhere one
>might use a PRNG, a RNG would be better. Jim, try implementing
>SSL with a true RNG instead of RC4. The ciphertext may be quite
>secure, but it's not very useful.

I've been thinking about a somewhat different but related problem lately,
which is encrypted disk drives. You could encrypt each block of the disk
with a block cypher using the same key (presumably in CBC or some similar
mode), but that just feels weak. So you need some kind of generator of
pretty-random-looking keys so that each block of the disk gets a different
key, or at the very least a different IV for each block of the disk, so in
some sense that's a PRNG. (You definitely need a different key for each
block if you're using RC4, but that's only usable for Write-Once media,
i.e. boring.) Obviously you need repeatability, so you can't use a real
random number generator.

I've been thinking that Counter Mode AES sounds good, since it's easy
to find the key for a specific block. Would it be good enough just to use
         Hash(Hash(Key, block#))
or some similar function instead of a more conventional crypto function?
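
The per-block scheme sketched above, as an added example (not code from this message or its author): the master key stays fixed, and a keyed hash of the sector number (HMAC-SHA256 here, standing in for the Hash(Hash(Key, block#)) idea) supplies a distinct, repeatable IV for each sector, which is then used with AES-CBC. The 512-byte sector size, the sample key and the "A"-filled sector are constructed for the demonstration; an EncryptSectorFixedIV function is included only to show the "same key, same IV everywhere" behaviour the message calls weak.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SectorSize is the unit of encryption (assumption: a conventional 512-byte
// disk sector). It is a whole number of AES blocks, so CBC needs no padding.
const SectorSize = 512

// DeriveSectorIV is a keyed-hash stand-in for the Hash(Hash(Key, block#))
// idea: HMAC-SHA256 over the sector number, keyed with the master key and
// truncated to one AES block. It is deterministic, so the same sector always
// gets the same IV (the repeatability the message asks for), while distinct
// sectors get unrelated IVs.
func DeriveSectorIV(masterKey []byte, sector uint64) []byte {
	var sn [8]byte
	binary.LittleEndian.PutUint64(sn[:], sector)
	mac := hmac.New(sha256.New, masterKey)
	mac.Write(sn[:])
	return mac.Sum(nil)[:aes.BlockSize]
}

// cbcSector runs AES-CBC over exactly one sector with the given IV.
func cbcSector(masterKey, iv, in []byte, decrypt bool) ([]byte, error) {
	if len(in) != SectorSize {
		return nil, errors.New("input must be exactly one sector")
	}
	block, err := aes.NewCipher(masterKey) // masterKey must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, SectorSize)
	if decrypt {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	}
	return out, nil
}

// EncryptSector encrypts one sector under the master key with an IV derived
// from the sector number; DecryptSector re-derives the same IV to reverse it.
func EncryptSector(masterKey []byte, sector uint64, plaintext []byte) ([]byte, error) {
	return cbcSector(masterKey, DeriveSectorIV(masterKey, sector), plaintext, false)
}

func DecryptSector(masterKey []byte, sector uint64, ciphertext []byte) ([]byte, error) {
	return cbcSector(masterKey, DeriveSectorIV(masterKey, sector), ciphertext, true)
}

// EncryptSectorFixedIV is the "same key, same IV for every block" scheme the
// message calls weak: with a constant IV, two sectors holding identical
// plaintext produce identical ciphertext, so sector equality leaks.
func EncryptSectorFixedIV(masterKey, plaintext []byte) ([]byte, error) {
	return cbcSector(masterKey, make([]byte, aes.BlockSize), plaintext, false)
}

func main() {
	// Constructed sample key (32 bytes -> AES-256) and plaintext, demo only.
	key := []byte("0123456789abcdef0123456789abcdef")
	pt := make([]byte, SectorSize)
	for i := range pt {
		pt[i] = 'A'
	}
	c0, _ := EncryptSector(key, 0, pt)
	c1, _ := EncryptSector(key, 1, pt)
	f0, _ := EncryptSectorFixedIV(key, pt)
	f1, _ := EncryptSectorFixedIV(key, pt)
	fmt.Printf("per-sector IV: sector 0 == sector 1? %v\n", string(c0) == string(c1)) // false
	fmt.Printf("fixed IV:      sector 0 == sector 1? %v\n", string(f0) == string(f1)) // true
	d, _ := DecryptSector(key, 0, c0)
	fmt.Printf("round trip ok? %v\n", string(d) == string(pt)) // true
}
```

Two properties worth checking against the message's reasoning: the derivation is deterministic, which gives the required repeatability but also means that anyone comparing two snapshots of the disk can tell which sectors changed; and a counter-mode or RC4-style keystream keyed per sector would reuse the same keystream when a sector is rewritten, which is exactly the write-once restriction the message notes for RC4, whereas CBC with a per-sector IV tolerates rewrites. Per-sector IV or tweak derivation of this kind is what later disk-encryption constructions such as ESSIV and XTS formalise.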
