- From: "Cristiano" <cristiano.pi@xxxxxxxxxx>
- Date: Wed, 23 Dec 2009 11:47:28 +0100
Greg Rose wrote:
> In article <4b30b227@xxxxxxxxxxxxxxxxx>,
> Cristiano <cristiano.pi@xxxxxxxxxx> wrote:
>> Joseph Ashwood wrote:
>>> [...] Although it does increase the difficulty, it does not
>>> change an insecure PRNG to a cryptographically secure PRNG.
>>
>> If you decimate the output of a LFSR (which is "an insecure PRNG")
>> you get a cryptographically secure PRNG (self-shrinking LFSR).
>
> No you don't. There are attacks against the SSG.

There are attacks against many ciphers, but it doesn't mean that they are
not cryptographically secure.
I read that there is an attack against the SSG which requires 2^(0.7*L)
steps. If you take, say, L=256 or longer, the time needed to break that SSG
will be very big. I would call that SSG a cryptographically secure PRNG.
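
The decimation rule under discussion in this thread, as an added example that is not part of any of the posts: a self-shrinking generator reads the LFSR stream in pairs (a, b) and emits b only when a is 1. The 16-bit register length, tap set and seed are assumptions chosen so it runs quickly; a register this small illustrates the mechanism and output rate only.

```python
"""Self-shrinking generator (SSG) over a Fibonacci LFSR: illustrative sketch."""

L = 16               # assumed toy register length (the post talks about L=256)
TAPS = (0, 2, 3, 5)  # assumed taps: x^16 + x^14 + x^13 + x^11 + 1, maximal length
SEED = 0xACE1        # constructed non-zero start state


def step(state, length=L, taps=TAPS):
    """Advance the register one clock and return the new state."""
    fb = 0
    for t in taps:
        fb ^= (state >> t) & 1
    return (state >> 1) | (fb << (length - 1))


def lfsr_bits(state, count):
    """Yield `count` raw LFSR output bits (the insecure, linear stream)."""
    if state == 0:
        raise ValueError("an all-zero LFSR state never changes")
    for _ in range(count):
        yield state & 1
        state = step(state)


def self_shrink(bits):
    """Read the stream as pairs (a, b); emit b when a == 1, else drop the pair."""
    it = iter(bits)
    for a, b in zip(it, it):
        if a:
            yield b


def lfsr_period(seed=SEED):
    """Number of clocks until the register returns to `seed`."""
    state, n = step(seed), 1
    while state != seed:
        state, n = step(state), n + 1
    return n


def shrunk_output(seed=SEED, raw_bits=2 * (2**L - 1)):
    """SSG output produced from `raw_bits` LFSR bits (default: two LFSR periods)."""
    return list(self_shrink(lfsr_bits(seed, raw_bits)))


if __name__ == "__main__":
    out = shrunk_output()
    print("LFSR period:", lfsr_period())
    print("SSG bits from two LFSR periods:", len(out), "ones:", sum(out))
    print("first 32 SSG bits:", "".join(map(str, out[:32])))
```

Two full periods of the raw stream yield 2^(L-1) output bits, so the generator keeps one raw bit in four, and those output bits are exactly balanced between zeros and ones.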