+     accucx!nevries
From: (Nico E de Vries)
Newsgroups: sci.crypt

Subject: Re: IBM-PC random generator, source included
Message-ID: <>
Date: 24 Jun 92 20:53:04 GMT
References: <> <>
+           <> <>
+           <> <>
Organization: Academic Computer Centre Utrecht
Lines: 56

In <> (Ross Anderson) writ es:

>The current flame war:

[Flame detection on]

>>> The total state for Nico's scheme seems to be contained in: 1) the
>>> refresh counter-timer, 2) the interrupt counter-timer, 3) the
>>> software counter lsb, and 4) the period uncertainty when used in a
>>> particular program.  This will be 4.2 + 12 + 1 + 2(?) = 19.2 bits,
>>> and this is not enough to prevent analysis.  

No flame, assumption which I don't completely understand but which
seems very valuable.

>>I don't exactly see where your numbers come from but if they are
>>correct changing the repeat counter into 24 should make the random
>>generator better?

No flame either, just question to try to understand previous.

>>> increase the state-space by up to 7 bits by using the byte-parity
>>> of each sample instead of just using the lsb, but this will not

Attempt to improve my algo. 

>>I don't see the advantage of this. The jitter can only be measured
>>when the last bit value changes (the time between two changes is
>>undeterministic). Thats why the repeat is there. 

Reasons why I think the improvement wouldn't work.

[No flames detected, search stopped]

Please notice I TRY to be funny here. I DON'T want a flame war (and
didn't see one either). I just want as many discussion on my algo
as possible hoping either to confirm it or to prove some way it
fails (and either correct it or give up).

>should be amenable to birthday testing. 

>If Nico's generator does indeed approximate to a virtual state machine with 
>less than 32 bits of state, then this could be detected by drawing at most a
>few hundred thousand samples and counting the number of doubles (and triples 
>if any).

Good thought.

>I have a preprint on such testing if anybody's interested but the basic
>principles should be obvious enough from basic probability theory.

I already mailed the outhor for it. Maybe others are interested?