don@allegra.UUCP (11/24/83)
Someone recently asked about using random number generators for encrypting messages. It is true that a very good random number generator would be a good encryption tool, but the problem of finding a "very good" generator becomes very difficult. For example, the UNIX rand() function is nowhere near strong enough. You can perform: srand(key); for (i = 0; i < msize; i++) cyphertext[i] = plaintext[i] ^ rand(); Ignoring the fact that the low order bits of rand() are very orderly (the first bit flips alternately on and off!): 1. If you know at least one word of plaintext, plaintext[i], you can find rand()[i], and thus know the entire sequence. 2. rand() is a LINEAR function. If F(x) is a linear function, then F(11010) = F(10000) + F(01000) + F(00010), which means you can break the code "one bit at at time" and combine the results. The important lesson is that cryptography has reached a very advanced state. If you just "mess up the bits a lot" without having any theoretical reason to believe it is cryptographically secure, then you are probably doing something that is trivial to break.
outer@utcsrgv.UUCP (Richard Outerbridge) (11/29/83)
Agreed. And one of the things to come out of recent cryptography is a new definition of what constitutes a random sequence, one that seems to satisfy cryptographic as well as statistical requirements. I think it runs something like: Given any excerpt of N bits from a random sequence, one can do no better than guess at the next bit or the preceding bit. There are ways to use linear generators to create such a sequence: for instance Rivest's "Forwards & Backwards" encryption, wherein two different series are applied to a block of plaintext from opposite ends. How many others are there? Richard Outerbridge outer@utcsrgv