Posted Dec 18, 2007 4:10 UTC (Tue) by ikm
In reply to: offtopic
Parent article: On entropy and randomness
Well, I personally have no idea how hashes work. As long as they comply with the usual requirements (i.e. resistance to reversion and collision-finding), I'm quite happy. What I am concerned about is their use as RNGs, as I can't google out any papers on how mathematically correct it is to feed a hash output to its input to build an RNG. What would be the period? Does it depend on the seed supplied? The aforementioned requirements for hashes don't allow any conclusions to be drawn on these questions. Hashes are simply designed for a different purpose. While using a hash to compress the resulting entropy from another source is probably ok (as I doubt it would make it less random than it was), looping it to itself seems questionable to me. E.g., consider an example RNG, for instance, a very simple Marsaglia's SHR3. It has a period of exactly 2^32-1, which means that it iterates through all numbers within [1..2^32-1] in some random order. You can use any value to seed it other than 0, and it would still have an exact same period (and a value of zero would make it always produce zeroes). Usually RNGs have these properties well understood. Did anyone make a research on SHA1 in that regard? I don't know and I would want to know. Not that all this stuff matters in real life, but still it's interesting.
p.s. While I can't make google find any real stuff, I found posts of other people concerned with the same question, e.g. this thread. Someone there made statistical conclusions on the period based solely on the hash length, but that's statistical, while the algorithms are deterministic and not too perfect.
to post comments)