
*From*: "Jacob Christian Munch-Andersen" <nohat AT nohatcoder.dk>
*Subject*: Re: [Cryptography] An interesting little pseudorandom number generator
*Date*: Fri, 30 Jul 2021 13:37:57 +0200
*List-archive*: <https://www.metzdowd.com/pipermail/cryptography>
*Sender*: "cryptography" <cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com>
*To*: "Robert Wilson" <cryptography AT metzdowd.com>

It is an intriguing design, but it produces an even output 257 out of 512 times. The variable value lookup looks kind of side-channely; I'm not sure if it is exploitable, but the general consensus in modern cryptography is that we avoid such things completely, because it is devilishly hard to assert that there is no way to exploit that. The variable lookup is, on the other hand, the only thing that makes this not trivially linearly solvable, but I'm not sure if that is enough.

Using only addition has two major issues: you stick everything in the same linear space, and the higher order bits never get to influence the lower order bits.

While I'm no fan of creeping it to the absolute minimum, 2 kB of state for an rng might be a bit excessive.

You seem to have defined the size of integers to depend on the platform. You can make multiple different versions optimized for different platforms, but you should generally let the user choose which one to use so that they can get the same result across different platforms.

_______________________________________________ The cryptography mailing list cryptography AT metzdowd.com https://www.metzdowd.com/mailman/listinfo/cryptography
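The second point above (additions alone never let high-order bits reach low-order bits) can be checked mechanically. The following is an added example, not code from the thread or from the generator being discussed: a toy addition-only mixer, the same mixer with one rotation added, and a probe that flips a high input bit and watches the low output bits. The mixers, their round counts and the rotation amount are assumptions chosen for illustration.

```python
"""Added example (not from the thread): why an addition-only mixer lets
high-order bits never influence low-order bits.

Addition modulo 2**w is 'triangular': bit i of a sum depends only on bits
0..i of the operands, because carries only travel upward.  So any function
built purely from additions has low k output bits that depend only on the
low k input bits.  A single rotation breaks this.  Both mixers are toy
constructions, not the generator discussed in the thread."""
import random

W = 32
MASK = (1 << W) - 1

def add_only_mix(state, rounds=8):
    """Toy mixer using nothing but modular addition."""
    s = list(state)
    n = len(s)
    for r in range(rounds):
        for i in range(n):
            s[i] = (s[i] + s[(i + 1) % n] + r) & MASK
    return s

def rotl(x, r):
    return ((x << r) | (x >> (W - r))) & MASK

def add_rotate_mix(state, rounds=8):
    """Same structure plus one rotation per step, which carries high
    bits down into the low positions."""
    s = list(state)
    n = len(s)
    for r in range(rounds):
        for i in range(n):
            s[i] = rotl((s[i] + s[(i + 1) % n] + r) & MASK, 13)
    return s

def low_bits_depend_only_on_low_bits(mix, k, trials=200, words=4, seed=1):
    """True if, over random states, flipping any input bit at position
    >= k never changes the low k bits of any output word."""
    rng = random.Random(seed)
    low = (1 << k) - 1
    for _ in range(trials):
        st = [rng.getrandbits(W) for _ in range(words)]
        base = [x & low for x in mix(st)]
        j = rng.randrange(words)
        st2 = list(st)
        st2[j] ^= 1 << rng.randrange(k, W)
        if [x & low for x in mix(st2)] != base:
            return False
    return True
```

For the addition-only mixer the probe returns True for every k, which means an attacker observing only the low bits of the output never has to reason about the high bits of the state; the rotating variant returns False almost immediately.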

**References**: [Cryptography] An interesting little pseudorandom number generator, *From*: Ray Dillinger
