At 10:56 AM 8/12/02 +0100, Paul Crowley wrote:
...
>Here's the game. Our attacker selects an algorithm MUNGE which takes
>an unbounded stream of random bits as input and generates random
>strings as output. We then select a key K and reveal it to the
>attacker. We take a secret unbounded stream

OK, here's an attempt at a formal definition of how secure a keyed
hash function is for entropy collection.
Here's the game. Our attacker selects an algorithm MUNGE which takes
an unbounded stream of random bits as input and generates random
strings as output. We then select a key K and revea

At 11:09 PM 8/7/02 +, David Wagner wrote:
>John Kelsey wrote:
>>a. If my input samples have enough entropy to make my outputs random, then
>>I need to resist computationally unbounded attackers. (Otherwise, why
>>bother with distilling entropy; just use a PRNG.)
>>
>>b. If my input samples