Subject: Re: bcd32 with 128bit seed - question on predicting the output
From: Karl.Frank
Newsgroups: sci.crypt.random-numbers
Organization: albasani.net
Date: Sun, 21 May 2017 19:15 UTC
Message-ID: <ofsovm$o29$1@news.albasani.net>
References: <odfa6p$5tj$1@news.albasani.net>

On 22.04.17 12:10, Karl.Frank wrote:
> Just a quick note on a change of the seeding function for bcd32. It
> accepts a 128bit seed now in order to set the initial state of a,b,c,d
> and t. This way for example a 128bit hash can be used for seeding.
> The seed function includes a check that a and b are never set to zero.
>
> The modified source code for keystream generation is available here
>
> http://www.freecx.co.uk/bcd32/bcd32_keystream.c
>
> http://paste.debian.net/928753/
>
>
> Additionally I'd like to ask if someone has any idea on how to predict the
> output of bcd32 without knowing the 128bit seed or the internal state?
>
Well, for a start this is a possible way:

We capture two or more consecutive output values, seed the PRNG with
arbitrary values and observe the output and all internal values until at
least two identical consecutive output values are found. At this moment
we know the complete internal state and can calculate all future states.
Additionally we might revert the PRNG and get our hands on the seed.

But this is a very expensive approach. Is anyone aware of a more
effective and faster method?

--
cHNiMUBACG0HAAAAAAAAAAAAAABIZVbDdKVM0w1kM9vxQHw+bkLxsY/Z0czY0uv8/Ks6WULxJVua
zjvpoYvtEwDVhP7RGTCBVlzZ+VBWPHg5rqmKWvtzsuVmMSDxAIS6Db6YhtzT+RStzoG9ForBcG8k
G97Q3Jml/aBun8Kyf+XOBHpl5gNW4YqhiM0=
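
An added illustration of the search described in the post above, not code from the post and not bcd32: it runs the exhaustive match against a hypothetical 16-bit toy generator and counts how many starting states stay consistent with the captured outputs. `toy_step`, `toy_out`, the 8-bit output width and the seed `0xBEEF` are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy generator, NOT bcd32: 16-bit xorshift state (shifts 7, 9, 8). */
static uint16_t toy_step(uint16_t s) {
    s ^= (uint16_t)(s << 7);
    s ^= (uint16_t)(s >> 9);
    s ^= (uint16_t)(s << 8);
    return s;
}

/* Only the low 8 bits of the state are released as output. */
static uint8_t toy_out(uint16_t s) { return (uint8_t)(s & 0xFF); }

/* Fill obs[0..n-1] with n consecutive outputs produced from starting state s. */
static void capture(uint16_t s, uint8_t *obs, int n) {
    for (int i = 0; i < n; i++) { s = toy_step(s); obs[i] = toy_out(s); }
}

/* Count starting states whose first n outputs equal obs; keep the last match. */
static unsigned match_states(const uint8_t *obs, int n, uint16_t *found) {
    unsigned hits = 0;
    for (uint32_t cand = 0; cand <= 0xFFFF; cand++) {
        uint16_t s = (uint16_t)cand;
        int i = 0;
        while (i < n && toy_out(s = toy_step(s)) == obs[i]) i++;
        if (i == n) { hits++; *found = (uint16_t)cand; }
    }
    return hits;
}

/* Output number n+1, computed from a recovered starting state. */
static uint8_t predict(uint16_t start, int n) {
    for (int i = 0; i <= n; i++) start = toy_step(start);
    return toy_out(start);
}

int main(void) {
    const uint16_t secret = 0xBEEF;   /* constructed sample seed */
    uint8_t obs[17];
    capture(secret, obs, 17);
    for (int n = 1; n <= 16; n *= 2) {
        uint16_t st = 0;
        unsigned hits = match_states(obs, n, &st);
        printf("%2d outputs -> %u candidate state(s)\n", n, hits);
        if (hits == 1) printf("   state 0x%04X predicts %u, actual %u\n",
                              (unsigned)st, (unsigned)predict(st, n), (unsigned)obs[n]);
    }
    return 0;
}
```

A single 8-bit output leaves 256 of the 65536 toy states as candidates, so the state is only known once enough outputs have been matched to leave one candidate. Each additional state bit doubles the loop in `match_states`, which is the cost the post calls very expensive.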
