outer@utcsrgv.UUCP (Richard Outerbridge) (11/12/83)
Random number generators are not very useful for cryptography without going through expensive conniptions, right? For instance, merging them with an autokeyed ("output feedback") DES stream or Rivest's scheme of using two different generators operating from opposite ends of each text block. In particular, Linear Congruential Generators (the all-round favorites) are considered pretty dreadful when used on their own because it's not hard to recover a bunch of the terms - or parts thereof - and reconstruct the generator forthwith. Game over.

Quare?: Does reconstruction of the generator depend upon recovering CONSECUTIVE terms (or parts thereof) of the generated sequence? If the terms were shuffled in a queue before being used for key, would this pose any significant barrier to recovering the generating function? (Assuming, of course, that the shuffling function was somewhat intractable...)

Richard Outerbridge, ..!utcsrgv!outer, U of Toronto CSRG
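The "recover a bunch of the terms and reconstruct the generator" attack the post refers to, worked through as an added example (this is editor-supplied Python, not code from the original post or from Outerbridge). The generator is x[i+1] = (a*x[i] + c) mod m with a, c and m all unknown to the attacker; the toy parameters (a=17, c=5, m=101, seed 7) and the nine observed outputs are constructed for illustration only, and real generators use far larger moduli. The recovery step uses the fact that consecutive differences d[i] = x[i+1] - x[i] satisfy d[i+1] = a*d[i] mod m, so every d[i+2]*d[i] - d[i+1]^2 is a multiple of m.

```python
# Added example (not from the original post): reconstructing an LCG
# x[i+1] = (a*x[i] + c) mod m from a run of CONSECUTIVE outputs, with
# a, c and m all unknown to the attacker.  Toy parameters below are
# constructed for illustration; real generators use much larger m.
from functools import reduce
from math import gcd


def lcg_stream(seed, a, c, m, n):
    """Return the n outputs following `seed` for the generator (a, c, m)."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out


def recover_modulus(xs):
    """Guess m from consecutive outputs.

    Differences d[i] = x[i+1] - x[i] obey d[i+1] = a*d[i] (mod m), so
    d[i+2]*d[i] - d[i+1]**2 is a multiple of m.  The gcd of a few such
    values is m itself, or a small multiple of m if unlucky (the sanity
    check in recover_lcg catches that case).  Needs at least 5 outputs.
    """
    d = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    mults = [abs(d[i + 2] * d[i] - d[i + 1] ** 2) for i in range(len(d) - 2)]
    return reduce(gcd, mults)


def recover_multiplier(xs, m):
    """Solve d[i+1] = a*d[i] (mod m) for a, using the first invertible d[i]."""
    for i in range(len(xs) - 2):
        d0 = (xs[i + 1] - xs[i]) % m
        d1 = (xs[i + 2] - xs[i + 1]) % m
        if gcd(d0, m) == 1:
            return d1 * pow(d0, -1, m) % m   # modular inverse, Python 3.8+
    raise ValueError("no invertible difference; need more outputs")


def recover_increment(xs, a, m):
    """With a and m known, c follows from any adjacent pair of outputs."""
    return (xs[1] - a * xs[0]) % m


def recover_lcg(xs):
    """Return (a, c, m) that reproduces xs, or None if the guess is wrong."""
    m = recover_modulus(xs)
    a = recover_multiplier(xs, m)
    c = recover_increment(xs, a, m)
    # Sanity check: the recovered generator must regenerate the observed run.
    if lcg_stream(xs[0], a, c, m, len(xs) - 1) != xs[1:]:
        return None
    return a, c, m


def predict_next(xs):
    """Reconstruct the generator and return the output after xs[-1]."""
    a, c, m = recover_lcg(xs)
    return (a * xs[-1] + c) % m


# Constructed sample: 9 consecutive outputs of a toy generator with
# a=17, c=5, m=101, seed 7.  The attacker sees only OBSERVED.
OBSERVED = lcg_stream(7, 17, 5, 101, 9)   # [23, 93, 71, 0, 5, 90, 20, 42, 12]

if __name__ == "__main__":
    print("observed:", OBSERVED)
    print("recovered (a, c, m):", recover_lcg(OBSERVED))
    print("predicted next output:", predict_next(OBSERVED))
```

Every step above leans on the observed terms being adjacent in the generator's own order: the relation d[i+1] = a*d[i] mod m only holds between neighbouring differences, which is exactly the assumption the post's question is probing. The gcd step can return a small multiple of m when the cofactors share a factor, which is why recover_lcg re-runs the recovered generator against the observed run before trusting the result.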