Hacker News new | ask | show | jobs
by gotoeleven 340 days ago
You're saying something being reproducible implies that it is not pseudo-random. This is a definition of pseudo-random that exists only in your head.

The first sentence of the wikipedia entry on pseudo-randomness is:

"A pseudorandom sequence of numbers is one that appears to be statistically random, despite having been produced by a completely deterministic and repeatable process."
1 comments
austin-cheney 340 days ago
That misses a factor called good enough, or degree of predictability. Ultimately everything eventually becomes predictable if analyzed deeply enough. Another word for that is entropy. That is what my linked comment referred to. For security concerns, such as PRNGs, the appearance of randomness is not enough.

This is why security analysis requires a higher threshold than software employment at large.

link
kbolino 340 days ago
A hash function cannot create entropy. Let's be clear about that.

A good hash function will preserve entropy, up to the length of its output. If the input X has K bits of entropy and H is an N-bit cryptographic hash function, then the entropy of H(X) is min(K, N). In simpler terms, GIGO.

However, a hash function also scrambles its input, which means the output is indistinguishable from (uniform) random noise. This is the randomizing property I was talking about. It is good enough for hash functions to be used to build stronger primitives, like HMACs, PBKDFs, CSPRNGs, etc. There are many formalizations of this property, but one of the simplest is that given any K bits of the output, you cannot predict the other N-K output bits any better than guessing, even knowing the algorithm.

Of course, if you know the input to a hash function, you can predict the output perfectly. But if you don't know the input, the hash looks like random noise, and for cryptographic hash functions, this is a very strong and fundamental guarantee indeed.

link
austin-cheney 340 days ago
I agree that hash functions do not create entropy. That is what I have been saying all along.
link
maxbond 340 days ago
> Ultimately everything eventually becomes predictable if analyzed deeply enough.

How would this apply to hash algorithms, but not CSPRNGs?

link