[net.crypt] Number Shuffling?

outer@utcsrgv.UUCP (Richard Outerbridge) (11/12/83)

Random number generators are not very useful for cryptography without
going through expensive conniptions, right?  For instance, merging them
with an autokeyed ("output feedback") DES stream or Rivest's scheme of
using two different generators operating from opposite ends of each text
block.  In particular, Linear Congruential Generators (the all-round
favorites) are considered pretty dreadful when used on their own because
it's not hard to recover a bunch of the terms - or parts thereof - and
reconstruct the generator forthwith.  Game over.

Quare?:  Does reconstruction of the generator depend upon recovering
CONSECUTIVE terms (or parts thereof) of the generated sequence?  If the
terms were shuffled in a queue before being used for key, would this pose
any significant barrier to recovering the generating function?  (Assuming,
of course, that the shuffling function was somewhat intractable...)

Richard Outerbridge, ..!utcsrgv!outer, U of Toronto CSRG
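As an added illustration of the point in the post's first paragraph (not part of the original net.crypt message), the following Python shows how little is needed to reconstruct a bare Linear Congruential Generator once consecutive outputs are observed: with the modulus m assumed known, three consecutive terms give the multiplier and increment exactly, after which every later term is predictable. The modulus, multiplier, increment and seed are constructed values for the demo, and `recover_lcg`, `predict_next` and `demo` are names chosen here, not from any library.

```python
# Added example (not part of the original net.crypt post): why a bare Linear
# Congruential Generator is a poor keystream source.  With the modulus m known,
# three consecutive outputs suffice to recover a and c, after which every later
# output can be predicted.  All parameter values below are constructed.

M = 2 ** 31            # assumed known modulus (constructed)
A_SECRET = 1103515245  # the generator's "secret" multiplier (constructed)
C_SECRET = 12345       # the generator's "secret" increment (constructed)


def lcg(seed, a=A_SECRET, c=C_SECRET, m=M):
    """Yield the LCG sequence x_{n+1} = (a*x_n + c) mod m, starting after seed."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def recover_lcg(outputs, m=M):
    """Recover (a, c) from consecutive outputs of an LCG with known modulus m.

    From x1 = a*x0 + c and x2 = a*x1 + c (mod m):
        a = (x2 - x1) * (x1 - x0)^-1  (mod m)
        c = x1 - a*x0                  (mod m)
    The inverse exists only when gcd(x1 - x0, m) == 1; for a power-of-two
    modulus that means the difference must be odd, so we scan the observed
    sequence for a usable triple instead of assuming the first one works.
    """
    for x0, x1, x2 in zip(outputs, outputs[1:], outputs[2:]):
        d = (x1 - x0) % m
        try:
            inv = pow(d, -1, m)  # raises ValueError if d has no inverse mod m
        except ValueError:
            continue
        a = ((x2 - x1) * inv) % m
        c = (x1 - a * x0) % m
        return a, c
    raise ValueError("no consecutive triple with an invertible difference")


def predict_next(outputs, m=M):
    """Reconstruct the generator from observed outputs and predict the next term."""
    a, c = recover_lcg(outputs, m)
    return (a * outputs[-1] + c) % m


def demo(seed=42, observed=3):
    """Observe a few outputs, recover (a, c), and compare prediction with reality.

    Returns (recovered_params, predicted_next, actual_next).
    """
    gen = lcg(seed)
    observed_outputs = [next(gen) for _ in range(observed)]
    actual_next = next(gen)
    return recover_lcg(observed_outputs), predict_next(observed_outputs), actual_next


if __name__ == "__main__":
    params, predicted, actual = demo()
    print("recovered (a, c):", params)
    print("predicted next:", predicted, "actual next:", actual)
```

The recovery here assumes the modulus is known and that the full output words are seen; the scan for an invertible difference is what handles the power-of-two modulus case, where every other difference could otherwise be even. The same reconstruction is what makes a raw LCG unsuitable as key material, which is the premise of the question above.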