Arnaud Carré

2004-10-03 14:19:48 UTC

Hi,

I want to make a random number generator by sampling an external source of entropy. I read somewhere on the net that sampling an entropy source does not necessarily give random data. Generally, sampled entropy must be "blended" with a strong hash function. Let's say I choose MD5 as the hash function (I know MD5 is not reputed to be as secure as SHA for signatures, but it's quite OK for my purpose).

What's the best way to combine my entropy sampling and the hash function?

I thought of this, tell me if you see any problem:

a) Sample 128 bits of the entropy source
b) "MD5" it
c) Output the 128-bit MD5 result as the random value
d) Go to a)

Is it "good" for random? What's the improvement if I repeat b) several times on itself?

Second question: as my sampling process is quite slow (as often with sampling), do you think it's OK for a "crypto secure" random generator to do this:

a) Sample 128 bits of the entropy source
begin a loop of, say, 4 passes
b) MD5 it
c) Output 128 bits
end of loop

So I generate 128*4 = 512 bits of random numbers with only 128 bits of entropy source.

What do you think of that idea?

Generally, how does a "cryptographically" secure random generator work (more precisely, how is the entropy sampling mixed with the hash function)?

Thanks in advance,

Arnaud
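As an added illustration (my code, not part of the original post), here are the two designs the post describes side by side in Python: the "one sample, hash it four times" loop from the second question, and a simplified pool-style generator of the kind the last question asks about, where each new sample is folded into a hashed state and outputs are derived from that state plus a counter. The names naive_stretch and HashPool and the SHA-256 choice for the pool are my assumptions; the point the code makes is that the stretched outputs are a fixed function of the single 128-bit sample, so they never hold more than 128 bits of entropy, while the pool keeps accumulating entropy as samples arrive.

```python
import hashlib
from typing import List


def naive_stretch(sample: bytes, passes: int = 4) -> List[bytes]:
    """The post's second scheme (my reading of it): hash one 128-bit sample,
    emit the digest, hash that digest again, and so on for `passes` rounds.
    Every output is a deterministic function of `sample`, so the 4*128
    emitted bits carry no more than the 128 bits of entropy that went in."""
    outputs = []
    state = sample
    for _ in range(passes):
        state = hashlib.md5(state).digest()   # MD5, as in the post
        outputs.append(state)
    return outputs


class HashPool:
    """Hypothetical pool-style generator (simplified, in the spirit of
    hash-based DRBG designs): samples are folded into a secret pool with the
    hash, outputs are derived from pool + counter, and the pool is re-hashed
    after each output so a later exposure of the pool does not reveal
    earlier outputs. Tag bytes keep the three hash uses separate."""

    def __init__(self, hash_name: str = "sha256") -> None:
        self.hash_name = hash_name
        self.pool = bytes(hashlib.new(hash_name).digest_size)  # all-zero start
        self.counter = 0

    def _h(self, *parts: bytes) -> bytes:
        m = hashlib.new(self.hash_name)
        for p in parts:
            m.update(p)
        return m.digest()

    def add_entropy(self, sample: bytes) -> None:
        # Mixing step: each new sample adds to the pool instead of being
        # consumed one-for-one by a single output.
        self.pool = self._h(b"mix", self.pool, sample)

    def generate(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.counter += 1
            out += self._h(b"out", self.pool, self.counter.to_bytes(8, "big"))
        self.pool = self._h(b"rekey", self.pool)  # forward-secrecy step
        return out[:nbytes]
```

Feed HashPool.add_entropy with real samples from the slow source as they arrive and call generate between them; the constructed 16-byte values used in testing are placeholders, not entropy.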