From: (Ross Anderson)
Newsgroups: sci.crypt

Subject: Re: IBM-PC random generator, source included
Message-ID: <>
Date: 24 Jun 92 16:44:07 GMT
References: <> <> <> <> <>
Sender: (The news facility)
Reply-To: (Ross Anderson)
Organization: U of Cambridge Computer Lab, UK
Lines: 30

The current flame war:

>> The total state for Nico's scheme seems to be contained in: 1) the
>> refresh counter-timer, 2) the interrupt counter-timer, 3) the
>> software counter lsb, and 4) the period uncertainty when used in a
>> particular program.  This will be 4.2 + 12 + 1 + 2(?) = 19.2 bits,
>> and this is not enough to prevent analysis.  
>I don't exactly see where your numbers come from, but if they are
>correct, changing the repeat counter to 24 should make the random
>generator better?
>> increase the state-space by up to 7 bits by using the byte-parity
>> of each sample instead of just using the lsb, but this will not
>I don't see the advantage of this. The jitter can only be measured
>when the last bit value changes (the time between two changes is
>nondeterministic). That's why the repeat is there.

should be amenable to birthday testing. 

If Nico's generator does indeed approximate to a virtual state machine with 
less than 32 bits of state, then this could be detected by drawing at most a
few hundred thousand samples and counting the number of doubles (and triples 
if any).

I have a preprint on such testing if anybody's interested but the basic
principles should be obvious enough from basic probability theory.
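As an added illustration of the birthday test described in the post (editor's example, not code from Ross Anderson's post or preprint, and not Nico's generator): a toy "virtual state machine" whose every output is a function of a hidden state drawn from only 2^k values, and a tester that counts colliding pairs and triples among m outputs and inverts C(m,2)/N to estimate the effective state size. The mixing function, the uniform choice of hidden state, and the sample sizes are assumptions made for the example.

```python
import math
import random
from collections import Counter

MASK32 = 0xFFFFFFFF


def mix32(state):
    """Deterministic, invertible 32-bit mixing of a state value.

    Every step (odd multiply mod 2**32, xor-shift) is a bijection on 32-bit
    words, so distinct states below 2**32 never collide in the output: any
    duplicate we observe is a repeated hidden state, not a hashing accident.
    (Constants are arbitrary odd multipliers chosen for this example.)
    """
    x = (state * 0x9E3779B1) & MASK32
    x ^= x >> 16
    x = (x * 0x85EBCA6B) & MASK32
    x ^= x >> 13
    return x


def virtual_state_machine(state_bits, n_samples, seed=0):
    """Toy model (assumption, not any real generator): each output is a fixed
    function of a hidden state with only 2**state_bits possible values.
    The hidden state is drawn uniformly; a skewed state distribution would
    only make collisions more frequent, i.e. easier to detect."""
    rng = random.Random(seed)
    return [mix32(rng.getrandbits(state_bits)) for _ in range(n_samples)]


def collision_counts(samples):
    """Number of colliding pairs and triples among the samples."""
    counts = Counter(samples)
    pairs = sum(c * (c - 1) // 2 for c in counts.values())
    triples = sum(c * (c - 1) * (c - 2) // 6 for c in counts.values())
    return pairs, triples


def expected_pairs(n_samples, state_bits):
    """E[#colliding pairs] for m samples uniform over N = 2**bits values: C(m,2)/N."""
    return n_samples * (n_samples - 1) / 2 / 2 ** state_bits


def estimate_state_bits(n_samples, pairs):
    """Invert expected_pairs: effective N = C(m,2)/pairs, bits = log2(N).
    Returns None when no pair was seen (then only a lower bound is known)."""
    if pairs == 0:
        return None
    return math.log2(n_samples * (n_samples - 1) / 2 / pairs)


def samples_for_expected_pairs(state_bits, target_pairs=100):
    """Sample count m with C(m,2)/2**bits ~ target_pairs, i.e. m ~ sqrt(2*target*N)."""
    return math.ceil(math.sqrt(2 * target_pairs * 2 ** state_bits))


def birthday_test(samples, claimed_bits=32):
    """Compare observed collisions with a generator that truly had claimed_bits of state."""
    m = len(samples)
    pairs, triples = collision_counts(samples)
    return {
        "samples": m,
        "pairs": pairs,
        "triples": triples,
        "expected_pairs_if_full": expected_pairs(m, claimed_bits),
        "estimated_state_bits": estimate_state_bits(m, pairs),
    }


if __name__ == "__main__":
    for bits in (20, 32):
        report = birthday_test(virtual_state_machine(bits, 200_000))
        print("hidden state of %d bits:" % bits, report)
    print("samples needed to expect 100 pairs from a true 32-bit state:",
          samples_for_expected_pairs(32))
```

With 200,000 samples the 20-bit machine yields on the order of 19,000 colliding pairs and over a thousand triples, while a generator with a full 32 bits of state is expected to produce only about five pairs and no triples; the ratio C(m,2)/pairs then reads back the hidden state size to within a few hundredths of a bit. The last helper shows the size of draw needed to distinguish a true 32-bit state (about 927,000 samples for 100 expected pairs), which is why "a few hundred thousand samples" suffice to detect a state space of less than 32 bits.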