Re: [tlug] /dev/random is truly random?

["Stephen J. Turnbull" <stephen@??>]

emiddleton@?? writes:

 > Look at the book you referenced for a more detailed coverage.  The
 > twisted GFSR generator produces a sequence that is more k-distributed
 > and thus more useful.

Sure, knowing that somebody thinks that tGFSR generators are good
enough for Linux, I could predict that they have good k-distribution
for "high" k, but this thread is about *why?*

Also, recently there's been some deprecation of the ARC4 algorithm,
because with a gigabyte of data you start to see some patterns.  Well,
I can understand k = 1, 2, 3, and 4 (after all, that's about the level
used for encoding identification) but k = 1000 is hard to imagine, and
k = 1000^3 is just out of the ballpark.  Does anybody actually compute
the quality of k-distribution for k = 1000000?  How?

Since we're discussing security here, this is not entirely academic.
Although probably only academic specialists really understand the
theory, practitioners at least should know what the basic vocabulary
is.  OTOH, at some point the academic vocabulary becomes meaningless
to current best practice.

Where is that point?  I don't know, but I would hope that TLUG can do
better than confusing chaos with randomness, or the initialization of
nondeterministic process with a predictable seed for a deterministic
one.