Hi Dan,

> You raise the provability issue about BBS (which is different from the two
> issues about BBS that I previously raised, which were some attacks), and also
> extend it to Dual_EC, and perhaps any "public-key" DRBG.
I recently had a DRBG or PRNG built. I tasked an intern (3rd year comp sci) to do it. I instructed ChaCha. That was about it. I was able to do that because (a) I know what ChaCha does, enough for this task, (b) she was able to learn enough about it to write ChaCha from the paper and get it up and going, within 3 weeks, also a mixer and a collector, (c) we're using it for crypto as well as RNGs, and (d) if anything goes wrong with it we'll hear about it. Oh, and it comes with some pedigree, call that (e).

These are very simple engineering things. They give me confidence. And none of the above characteristics are true of BBS or Dual_EC. Provability doesn't change that; it doesn't add to the list, and in my mind it makes it more suspicious, it gives it an air of mystique and salesmanship.

This isn't saying anything that Jon didn't say, it's just adding some anecdotal flesh -- out in the coding world we'll do what is practical as engineers, we add tires on so we can kick them. We typically wouldn't touch things we don't understand with a barge pole. It's really a pragmatic approach I suppose, very humdrum, but it is what we do.

iang

_______________________________________________
dsfjdssdfsd mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
