Re: The Blum-Blum-Shub generator and a guessable seed

---

• From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
• Date: 6 Apr 2006 17:58:43 GMT

---

Steven Jones <sjones@xxxxxxxxxx> writes:

On Mon, 03 Apr 2006 13:16:21 +0200, Kristian Gjøsteen wrote:

Thomas B. <thetom@xxxxxxxxxxxxxxxxxxxxx> wrote:

The initial seed x_0 is derived from the system time in milliseconds. Now
my question: When an attacker can guess (brute force) x_0, is s/he able
to generate the same (pseudo-)random number output as the original BBS
PRNG?

Yes. BBS output is a deterministic function of the input. If you know the
input, you know the output. The input is the seed.

The system time is an awful seed. It contains next to no entropy from the
point of view of an attacker.

I think that this has to be qualified. First, the entropy does not come
from the system time itself, but from the unpredictability associated with
the instant at which it is read. Second, the bits of entropy that can be
extracted at a single read operation will depend on how fast the system
clock is updated. On a system running at 1 GHz, the tick counter gets
updated so quickly that a single read can extract 16 bits or more worth of
entropy.

"The initial seed x_0 is derived from the system time in milliseconds."
This has nothing to do with the system clock. Also the system time is
updated usually far less often than once per millisec, or your computer
would be spending all its time updating the time.




.

---

• Follow-Ups:
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Steven Jones

• References:
  • The Blum-Blum-Shub generator and a guessable seed
    • From: Thomas B.
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Kristian Gjøsteen
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Steven Jones

• Prev by Date: Re: The Blum-Blum-Shub generator and a guessable seed
• Next by Date: Re: CTR and disk sector encryption
• Previous by thread: Re: The Blum-Blum-Shub generator and a guessable seed
• Next by thread: Re: The Blum-Blum-Shub generator and a guessable seed
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: The Blum-Blum-Shub generator and a guessable seed ... to generate the same random number output as the original BBS ... The system time is an awful seed. ... It contains next to no entropy from the ... point of view of an attacker. ... (sci.crypt) Re: The Blum-Blum-Shub generator and a guessable seed ... When an attacker can guess x_0, ... BBS PRNG? ... The system time is an awful seed. ... This has nothing to do with the system clock. ... (sci.crypt) Re: COleDateTime ,SystemTimeToVariantTime Issues Questions ... AliR. ... > CTime to system time and finally to a variant time with the ... (microsoft.public.vc.mfc) Re: GetSystemTime and millisecons ... You can only do this if your hardware is designed to return ms from its ... then you must modify the OAL code for ... I try resive milliseconds in WinCE4.2. ... How I can recive millisecond connecting with system time? ... (microsoft.public.windowsce.embedded.vc) Re: The Blum-Blum-Shub generator and a guessable seed ... from the system time itself, but from the unpredictability associated with ... the bits of entropy that can be ... This is an awful way to extract entropy from the ... I do not think applications should use time ... (sci.crypt)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)