On 6/23/2015 7:00 AM, Ofer Inbar wrote:
To me, the idea that it's "political" to use the US debt, is on its
face hard to believe or take seriously. So before everyone else has
to justify every other claim down to many levels of detail, can we see
any justification of the claim that there's any disadvantage to using
this convenient number, or that it's done for political reason?
1) zero evidence that this is an accurate source of entropy.
There are modern alternatives:
- treat Nomcom selection as something other than the securing of
international resources, and use a seed based on the message ID of the
first Nomcom announcement or such.
- use a *true* source of entropy, such as quantum effects or energy
noise. Two alternatives, based on these two effects respectively,
already exist:
http://www.nist.gov/itl/csd/ct/nist_beacon.cfm
includes signed escrowed values from previous dates
https://www.random.org/
this one has a list mode that can be based on previously
generated values:
https://www.random.org/lists/?mode=advanced
The use of a true source of entropy would also obviate reliance on hash
algorithms as well.
Joe