Re: The Blum-Blum-Shub generator and a guessable seed

---

• From: Steven Jones <sjones@xxxxxxxxxx>
• Date: Thu, 06 Apr 2006 21:51:40 GMT

---

On Thu, 06 Apr 2006 19:49:12 +0200, Kristian Gjøsteen wrote:

Steven Jones <sjones@xxxxxxxxxx> wrote:

I think that this has to be qualified. First, the entropy does not come
from the system time itself, but from the unpredictability associated
with the instant at which it is read. Second, the bits of entropy that
can be extracted at a single read operation will depend on how fast the
system clock is updated. On a system running at 1 GHz, the tick counter
gets updated so quickly that a single read can extract 16 bits or more
worth of entropy.

I do not agree. This is an awful way to extract entropy from the
indeterminate behaviour of your system as a whole. While a single read may
under optimal circumstances contain a small amount of entropy, you have no
guarantee that multiple reads will contain any more entropy than a single
read.

Let me rephrase it: At a time t_0 the 16 least
significant bits from a counter C (some have objected to calling it a
clock) are read and stored as B_0. C is assumed to be incremented
sufficiently quickly - 10^9 times per second is typical is modern
processors. At another, later time t_1, with t_1 <= t_0 + 5 seconds, the
same 16 bits from C are read again, and are stored as B_1. With this
information in hand, what can you say about the actual value of the 16
bits B_1?



.

---

• Follow-Ups:
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Kristian Gjøsteen

• References:
  • The Blum-Blum-Shub generator and a guessable seed
    • From: Thomas B.
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Kristian Gjøsteen
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Steven Jones
  • Re: The Blum-Blum-Shub generator and a guessable seed
    • From: Kristian Gjøsteen

• Prev by Date: Re: CTR and disk sector encryption
• Next by Date: Re: The Blum-Blum-Shub generator and a guessable seed
• Previous by thread: Re: The Blum-Blum-Shub generator and a guessable seed
• Next by thread: Re: The Blum-Blum-Shub generator and a guessable seed
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Gibbs Paradox ... >> The Gibb's paradox is a non-issue if you consider the entropy to ... >> extracted if you were mixing identical compounds. ... >property that TdeltaS is the maximum work we can extract!? ... (sci.physics) Re: The Blum-Blum-Shub generator and a guessable seed ... program _will_ know a lot more about the environment. ... system timer, it is the operating system's job to extract that ... entropy and make it accessible to the applications. ... (sci.crypt) Re: Gibbs Paradox ... > The Gibb's paradox is a non-issue if you consider the entropy to ... > extracted if you were mixing identical compounds. ... property that TdeltaS is the maximum work we can extract!? ... (sci.physics) Re: The Blum-Blum-Shub generator and a guessable seed ... from the system time itself, but from the unpredictability associated with ... the bits of entropy that can be ... updated so quickly that a single read can extract 16 bits or more worth of ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2006-04