Thor Lancelot Simon wrote:

... However, consider the pathological case,
in which an adversary manages to introduce N-1 bits of known state into your
PRNG which has N bits of internal state.  ...

What you seem not to understand from this discussion is that the
internal state is a consequence of input that is processed via
a diffusion mechanism, a cryptographic hash such as SHA1 or MD5
or something stronger.  These change roughly half the bits of
their output when a single input bit is changed.

It is not possible to know the state itself without direct inspection
of structures whose security is obviously essential for useful
random number generation.

If your point is that system events are not a good source of
entropy, I agree.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
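An added example, not from the thread: a toy hash-mixed pool in Python modelled on the post's description (new state = SHA-1 digest of old state concatenated with the input), showing that flipping a single input bit changes about half the state bits even when the old state and every other input bit are fully known. The pool layout, the `mix` function and the sample event bytes are assumptions made for the demonstration.

```python
import hashlib

# Constructed toy model of a hash-mixed entropy pool: the internal state is
# one digest wide, and every input event is diffused into it by hashing.
STATE_BYTES = 20  # SHA-1 digest length (assumed pool width for this demo)


def mix(state, event, algo="sha1"):
    """Diffuse an input event into the pool: new state = H(old state || event)."""
    return hashlib.new(algo, state + event).digest()


def hamming(a, b):
    """Number of bit positions in which byte strings a and b differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data, i):
    """Return a copy of data with bit i (LSB-first within each byte) inverted."""
    buf = bytearray(data)
    buf[i // 8] ^= 1 << (i % 8)
    return bytes(buf)


def avalanche(state, event, algo="sha1"):
    """For every bit of the event, flip only that bit and measure what fraction
    of the new state's bits change relative to the unmodified event."""
    base = mix(state, event, algo)
    nbits = len(base) * 8
    return [hamming(base, mix(state, flip_bit(event, i), algo)) / nbits
            for i in range(len(event) * 8)]


def summarize(fractions):
    """(min, mean, max) fraction of state bits changed across all single-bit flips."""
    return min(fractions), sum(fractions) / len(fractions), max(fractions)


if __name__ == "__main__":
    # Worst case from the thread: the adversary knows the entire old state
    # (all zero here) and all but one bit of the incoming event.
    known_state = b"\x00" * STATE_BYTES
    event = b"constructed system event: irq 11 at tick 0x0001fefe"
    lo, mean, hi = summarize(avalanche(known_state, event))
    print("state bits changed per single-bit input flip: "
          f"min={lo:.2f} mean={mean:.2f} max={hi:.2f}")
```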