On Oct 2, 2021, at 5:08 PM, Jon Callas <jon@xxxxxxxxxx> wrote: > > >> On Sep 16, 2021, at 20:18, Sandy Harris <sandyinchina@xxxxxxxxx> wrote: >> >> I have a PRNG that I want to use within the Linux random(4) driver. It >> looks remarkably strong to me, but analysis from others is needed. > > A good block cipher in counter mode makes a pretty-okay PRNG. I say pretty-okay only because I would like my PRNG not to be invertible. Iterated hash functions are better. Whatever you use you want to truncate the output, otherwise you won’t get repetitions, which you actually want from a good PRNG. rg