Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site allegra.UUCP
Path: utzoo!linus!security!genrad!decvax!harpo!eagle!allegra!don
From: don@allegra.UUCP
Newsgroups: net.crypt
Subject: random number generators
Message-ID: <2033@allegra.UUCP>
Date: Wed, 23-Nov-83 16:45:04 EST
Article-I.D.: allegra.2033
Posted: Wed Nov 23 16:45:04 1983
Date-Received: Tue, 29-Nov-83 05:55:40 EST
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 25

Someone recently asked about using random number generators for encrypting
messages. It is true that a very good random number generator would be a
good encryption tool, but the problem of finding a "very good" generator
becomes very difficult. For example, the UNIX rand() function is nowhere
near strong enough. You can perform:

	srand(key);                     /* seed the generator with the key */
	for (i = 0; i < msize; i++)
		cyphertext[i] = plaintext[i] ^ rand();   /* XOR each word with the next output */

Ignoring the fact that the low order bits of rand() are very orderly (the
first bit flips alternately on and off!):

1. If you know at least one word of plaintext, plaintext[i], you can find
   rand()[i], and thus know the entire sequence.

2. rand() is a LINEAR function. If F(x) is a linear function, then
   F(11010) = F(10000) + F(01000) + F(00010), which means you can break the
   code "one bit at a time" and combine the results.

The important lesson is that cryptography has reached a very advanced
state. If you just "mess up the bits a lot" without having any theoretical
reason to believe it is cryptographically secure, then you are probably
doing something that is trivial to break.
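A worked illustration of the two observations above, added here as an example and not part of the original post: a known plaintext word exposes the keystream word, and because the generator's output is its whole state, every later word follows, while bit 0 of the output flips on every call. It assumes a stand-in linear congruential generator with the classic 1103515245/12345 constants and a 31-bit mask in place of the historic rand(), whose exact constants varied between systems; the message words are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed stand-in for the old UNIX rand(): 31-bit LCG, output == state. */
static uint32_t lcg_state;
void lcg_srand(uint32_t seed) { lcg_state = seed; }
uint32_t lcg_rand(void) {
    lcg_state = (lcg_state * 1103515245u + 12345u) & 0x7fffffffu;
    return lcg_state;
}

/* The scheme from the post: XOR each 32-bit word with the next output. */
void xor_stream(uint32_t key, const uint32_t *in, uint32_t *out, size_t n) {
    lcg_srand(key);
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ lcg_rand();
}

/* Observation 1: one known word at index k gives ks = ct[k] ^ pt[k]; since ks
   is the generator state, reseeding with it reproduces every later word. */
uint32_t recover_from_known_word(const uint32_t *ct, size_t n, size_t k,
                                 uint32_t known_pt, uint32_t *recovered) {
    uint32_t ks = ct[k] ^ known_pt;
    lcg_state = ks;                 /* resume the generator from the leaked state */
    recovered[k] = known_pt;
    for (size_t i = k + 1; i < n; i++) recovered[i] = ct[i] ^ lcg_rand();
    return ks;
}

/* The parenthetical: odd multiplier and odd increment make bit 0 alternate. */
int low_bit_alternates(uint32_t seed, size_t steps) {
    lcg_srand(seed);
    uint32_t prev = lcg_rand() & 1u;
    for (size_t i = 1; i < steps; i++) {
        uint32_t cur = lcg_rand() & 1u;
        if (cur == prev) return 0;
        prev = cur;
    }
    return 1;
}

/* Constructed sample message; only word 0 is assumed known. Returns 1 if
   every later word is recovered without the key. */
int demo_recovery_succeeds(void) {
    const uint32_t pt[6] = {0x48656c6cu, 0x6f2c2077u, 0x6f726c64u,
                            0x21212121u, 0xdeadbeefu, 0x0badf00du};
    uint32_t ct[6], rec[6];
    xor_stream(0xc0ffeeu, pt, ct, 6);
    recover_from_known_word(ct, 6, 0, pt[0], rec);
    for (size_t i = 1; i < 6; i++) if (rec[i] != pt[i]) return 0;
    return 1;
}
```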