• Subject: Re: Secure PRNG?
  • From: "Luther Ananda Miller" <luther.miller@xxxxxxxxxx>
  • Date: Wed, 29 Mar 2000 08:11:10 +0200
  • Organization: HYPERe

Hi Larry,

Thakns for the response. IN fact your guess is right that I am seeking
secure PRNG as part of larger picture. In this case, secure communications
over the internet between a client and a server app. I have been reading
"Applied Crytography" by Schneier, which also discusses the often-overlooked
weak links such as poor pseudo-random number generation. Actually, I believe
that the PRNG is the last link left which we need to deal with. We have
implemented Diffie-Hellman Key Exchange and the Twofish block cipher both in
Java. Now we just need to randomly generate the keys and random data to fill
unfilled cipher blocks. A seemingly good solution is to implement something
like a method quoted in Schneier's book from Mitchell and Shell. In this
case, they wrote a tight loop of code incrementing a counter and then an
interrupt which fired off and then captured the lowest byte from the
counter, xor'd it into a value, shifted the value by two, and repeated.. I
tried something similar in java (put an incrementing counter in one thread,
and then used a loop with Thread.wait() to simulate the interrupt). The
results looked good- seemingly unpredictable and distributed. The problem is
it takes time (minimum of 4ms per byte) depending on how long you wait().
The other methods mentioned in this book are related to measuring keyboard
input or mouse position as part of getting data-- and so far I haven't
thought of anything else appropriate for the AS/400... so I am still looking
for a fast solution better than java.lang.Random().

Luther

----- Original Message -----
From: Larry Loen <lwloen@vnet.ibm.com>
To: L-JAVA400@midrange.com <JAVA400-L@midrange.com>; Luther Ananda Miller
<luther.miller@HYPERE.COM>
Sent: Tuesday, 28 March 2000 22:24
Subject: Re: Secure PRNG?


> If you are dealing with security problems relating to
> this sort of thing, I suggest you try the book
> "Modern Cryptography" by Meyer and Matyas, available
> in any decent technical library.  I believe that
> somewhere, it covers topics like this.  Certainly,
> the discussions on key management will be very
> relevant to your question.


+---
| This is the JAVA/400 Mailing List!
| To submit a new message, send your mail to JAVA400-L@midrange.com.
| To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
| To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: joe@zappie.net
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.