Path: cactus.org!milano!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!sol. + ctr.columbia.edu!destroyer!gumby!wupost!uunet!mcsun!sun4nl!alchemy! + accucx!nevries From: nevries@accucx.cc.ruu.nl (Nico E de Vries) Newsgroups: sci.crypt Subject: Re: IBM-PC random generator, source included Message-ID: <2815@accucx.cc.ruu.nl> Date: 26 Jun 92 16:18:49 GMT References: <2673@accucx.cc.ruu.nl> <1992Jun23.080147.15804@cactus.org> + <2808@accucx.cc.ruu.nl> <1992Jun25.201323.20044@cactus.org> Organization: Academic Computer Centre Utrecht Lines: 52 In <1992Jun25.201323.20044@cactus.org> ritter@cactus.org (Terry Ritter) writes: > In <2808@accucx.cc.ruu.nl> nevries@accucx.cc.ruu.nl (Nico E de Vries) > writes: > My position is not that crystal oscillators do not jitter *at all*. > At some level of measurement, virtually everything electronic is > "nondeterministic." However, for practical purposes, using PC > timers and software measurement, crystal oscillators do not "jitter." > Crystal oscillators also drift, somewhat, in oscillation frequency, > (although this would represent very little information). Such drift > will be small, relatively repeatable and exponentially difficult > to measure. But at least this might be *possible* because as we > extend the measurement period we can pick up smaller and smaller > effects. This is not possible for phase jitter. > I do not claim that *anything* is *fully* deterministic. I do > claim that crystal oscillators are deterministic within the > stated environment. I accept the claim but disagree with it. I DO think the non constant nature of the crystals in the PC is measurable and believe my algo measures it. You claim the non deterministic part of the process is to small to measure. I don't really see why. Using two crystals to measure differences can be very accurate and I don't see why that would not be the case here. > Until you have some realistic analysis, you cannot validly say > that your "flawless true random number generator" "DOES work," > even to yourself. I did many (as said before) and others are doing the same. I will as promised post the results. Unfortunately it is much easier to show problems than showing they don't exist. Till now no practical test has shown problems. The theoretic part is much harder. I am afraid some physical experiments might be needed to check how measurable the non-deterministic properties of the PC-Crystals are and if my algo measures them or something else. > If you are going to hide the sequence behind a cryptographic hash, > I see very little reason if worrying about "real" randomness. > If you have "real" randomness, you are already far beyond what > MD5 can do for you. Otherwise, just init a statistical RNG > and use that to run MD5. If you believe in MD5. Very true. Stupid remark of me. > Terry Ritter ritter@cactus.org Nico