Re: CONFIG_RANDOM (compromise?)

Harald Anlauf (anlauf@crunch.ikp.physik.th-darmstadt.de)
Fri, 17 May 1996 19:31:48 +0200


>>>>> "tytso" == "Theodore Y Ts'o" <tytso@MIT.EDU> writes:

[...]
tytso> For example, with
tytso> the generators above, one can determine V(n+1) given knowledge of
tytso> V(n). In fact, it has been shown that with these techniques, even if
tytso> only one bit of the pseudo-random values is released, the seed can be
tytso> determined from short sequences.

You mean linear congruential generators.

(Linear congruential generators are probably the best understood
generators, just because of their simplicity, Fibonacci type maybe
next.)

tytso> Not only have linear congruent generators been broken, but techniques
tytso> are now known for breaking all polynomial congruent generators
tytso> [KRAWCZYK].

In this RFC, I find only

[KRAWCZYK] - How to Predict Congruential Generators, Journal of
Algorithms, V. 13, N. 4, December 1992, H. Krawczyk

as reference.

So does this also include the (lagged) Fibonacci generators? When you
apply methods to improve the quality of randomness, like those proposed
by Luescher?

Still, I maintain that DEK's generator is superior to what most people
use. For non-networked machines, where security is not first priority,
a clearly leaner and (I think) acceptable solution.

Cheers,
-ha
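The predictability the quoted passage refers to is easy to see for the plain linear congruential case. The following is an added illustration, not code from this thread, from Ts'o, or from the RFC it discusses: given three consecutive outputs of V(i+1) = a*V(i) + c mod m and the modulus m, it solves for the unknown a and c and then predicts V(n+1) from V(n). The modulus, multiplier, increment and seed are constructed for the demo (the prime 2^31 - 1 is chosen as m so every nonzero difference is invertible); a composite modulus such as 2^32 works the same way whenever gcd(x2 - x1, m) = 1, and the Krawczyk paper cited above covers the general polynomial case.

```python
# Added example (not from the original post): recover the parameters of a
# linear congruential generator from a few consecutive outputs, to show why
# knowing V(n) is enough to compute V(n+1). All constants are constructed
# for the demo; the modulus is the prime 2^31 - 1 so that every nonzero
# difference is invertible modulo m.

M = 2**31 - 1          # prime modulus (assumed known to the observer)
A_SECRET = 48271       # multiplier the observer does NOT know
C_SECRET = 12345       # increment the observer does NOT know


def lcg(seed, a=A_SECRET, c=C_SECRET, m=M, n=4):
    """Return n consecutive outputs V(1..n) of V(i+1) = a*V(i) + c mod m."""
    out = []
    v = seed
    for _ in range(n):
        v = (a * v + c) % m
        out.append(v)
    return out


def recover_parameters(x1, x2, x3, m=M):
    """Given three consecutive outputs and the modulus, solve for (a, c).

    From x2 = a*x1 + c and x3 = a*x2 + c (mod m):
        x3 - x2 = a*(x2 - x1)   =>   a = (x3 - x2) * (x2 - x1)^-1 mod m
    pow(d, -1, m) is the modular inverse (Python 3.8+); it exists whenever
    gcd(d, m) == 1, which always holds here because m is prime.
    """
    d = (x2 - x1) % m
    if d == 0:
        raise ValueError("consecutive outputs coincide; need more samples")
    a = ((x3 - x2) * pow(d, -1, m)) % m
    c = (x2 - a * x1) % m
    return a, c


def predict_next(x_last, a, c, m=M):
    """V(n+1) from V(n) once a and c are known."""
    return (a * x_last + c) % m


def demo(seed=2024):
    """Observe V(1..4), recover (a, c) from V(1..3), predict V(4), compare."""
    observed = lcg(seed, n=4)
    a, c = recover_parameters(*observed[:3])
    predicted = predict_next(observed[2], a, c)
    return a, c, predicted, observed[3]


if __name__ == "__main__":
    a, c, predicted, actual = demo()
    print(f"recovered a={a} c={c}; predicted V(4)={predicted}, actual V(4)={actual}")
```

The point for a kernel entropy source is the one Ts'o makes: three plaintext outputs are enough to recover the full state of such a generator, so its stream must never be exposed where an observer could see it, and it cannot serve as a source of keys or session identifiers on a networked machine.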