Random Numbers in Perl

Author: Nathan Saper
Date:  
Subject: Random Numbers in Perl
On Mon, Oct 23, 2000 at 11:49:38PM -0700, der.hans wrote:
> On 23 Oct 2000, Kevin Buettner chattered thus:
>
> >  - the /dev/random driver appears to be already doing something
> >    roughly equivalent to an md5sum.  In fact, random.c contains the
> >    core of the MD5 algorithm.  However, it is not being used.
> >    In its place, something called a SHA hash is used on the entropy
> >    pool to generate random numbers.  If you prefer to use the MD5
> >    code, you can comment out the USE_SHA define.  I imagine that
> >    there's a good reason for using the SHA hash instead of MD5;

>
> Went to an intrusion detection presentation at AZSAGE last week. The
> presenter said that SHA and MD5 are the two formats allowed by the courts,
> e.g. if you encrypt with something else they won't allow the evidence. She
> said there was a way to break MD5 in a matter of minutes, so SHA appears
> to be the way to go.
>
> I don't know enough to say whether or not she was right...
>


I don't know the specifics of the attack against MD5, but most people
do seem to think that SHA is much stronger.

> ciao,
>
> der.hans

--
Nathan Saper () | http://www.well.com/user/natedog/
GnuPG (ElGamal/DSA): 0x9AD0F382 | PGP 2.x (RSA): 0x386C4B91
Standard PGP & PGP/MIME OK      | AOL Instant Messenger: linuxfu