Here's an excerpt of the "final" reply I made on the subject:
Well, the problem here is the idea of pseudo-random. Even with a large period, simple linear congruential generators are still easy to break, using what is known as the index of correspondence, the key in cracking simple XOR ciphers.More details on the exchange can be found here.
Combining multiple linear congruential generators using Knuth's algorithm M may provide a longer period, even if you are using simple linear congruential generators. However, the security of such a lagged pseudo-random number generator is only as strong as the weakest generator. Also, even if your generator produces a nice sequence that is periodic only after exp(exp(exp(exp(exp(exp...(100)...))))), it will be as good as a one-time pad if you can guarantee that the bit sequence will *never* be used more than once.
Avoid using pseudo-random number generators as cryptographic algorithms. These are among the weakest link in the entire security chain. Notice that most cryptographic algorithms rely on other sources for random numbers, like hashing random events using a secure one-way hash. But of course, using a long period pseudo-random number generator is really a good thing for simulations.
My last point: Since pseudo-random number generators mostly rely on the simplest of all arithmetic operations, they are constantly under the scrutiny of mathematicians all over the world. It pays to use something that has been tried, proven and shown to be un-crackable than relying on the unsound knowledge that the pseudo-random number generator is "secure".
I think I was a really terrible asshole then… I never did see Mac as an elder—I've always thought that he was roughly a peer. I guess I was wrong.
It turns out the Internet has a way of masking who you really are talking to. Now, if only everyone were to learn how best to talk to people without sounding too haughty/condescending.
I guess I have much to learn…
No comments:
Post a Comment