I am writing a service where a deterministic RNG is needed across multiple platforms that don't share a codebase (except for maybe C). The random numbers need to be exactly 128 bits long. Given a pre-negotiated truly random number, is it OK if I use AES to generate a sequence of random numbers? How it would work is I would encrypt the seed to get the first random number, encrypt the first random number to get the second, etc.
Basically:
rand[0] = truly_random_number;
rand[1] = AES(truly_random_number);
rand[2] = AES(AES(truly_random_number));
rand[n] = AES(AES(AES...AES(truly_random_number...))) //n times
The clients will share their sequence number as they communicate, so it should be possible for any of them to deterministically reconstruct the needed result.
Is this a proper use of AES? Can I use something faster for this, like SHA-256 and truncate the result? Should I just find a C implementation of some RNG and use that instead? I am leaning toward AES because the platforms I am targeting have AES accelerators, so the speed should not be much of an issue.
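An added example, not from the original question, that contrasts the two constructions involved: the chaining in the question (rand[n] = F(rand[n-1])) and the counter-mode shape (rand[n] = F_seed(n)) that a CTR-based deterministic RNG uses. Python's standard library has no AES, so SHA-256 truncated to 128 bits stands in for the fixed-key block cipher call and HMAC-SHA256 keyed with the seed stands in for AES keyed with the seed; the function names, the 16-byte seed and the 8-byte big-endian counter encoding are all assumptions for the illustration. The point it shows is structural: in the chained scheme rand[0] is the seed itself, the n-th value costs n steps, and anyone holding rand[i] derives every later value without the seed, whereas the counter construction gives O(1) access by sequence number and never emits the secret.

```python
"""
Constructed example: deterministic 128-bit values from one shared secret seed.

  chained_value(seed, n) = H(H(...H(seed)))   n applications  (the scheme asked about)
  counter_value(seed, n) = PRF_seed(n)                        (the CTR-mode shape)

SHA-256 / HMAC-SHA256 stand in for the block cipher because the standard
library has no AES; the structure is what the comparison is about.
"""
import hashlib
import hmac

OUT_LEN = 16  # 128-bit outputs, as the question requires


def _h(block: bytes) -> bytes:
    """Stand-in for one fixed-key block-cipher call: SHA-256 truncated to 128 bits."""
    return hashlib.sha256(block).digest()[:OUT_LEN]


def chained_value(seed: bytes, n: int) -> bytes:
    """rand[n] in the chaining scheme: rand[0] is the seed itself and each value
    is the transform of the previous one. Costs O(n) for the n-th value and
    every earlier value has to be computed on the way."""
    value = seed
    for _ in range(n):
        value = _h(value)
    return value


def next_from_output(previous_output: bytes) -> bytes:
    """In the chained scheme, whoever sees rand[i] computes rand[i+1] (and all
    later values) without the seed: the secret is consumed after step one."""
    return _h(previous_output)


def counter_value(seed: bytes, n: int) -> bytes:
    """rand[n] in counter mode: the seed is used only as the PRF key and the
    sequence number is the input. With AES this would be AES_seed(encode(n));
    here HMAC-SHA256 keyed with the seed plays that role. O(1) random access,
    and no output equals the seed."""
    if not 0 <= n < 2**64:
        raise ValueError("sequence number out of range")
    return hmac.new(seed, n.to_bytes(8, "big"), hashlib.sha256).digest()[:OUT_LEN]


def counter_stream(seed: bytes, count: int) -> list:
    """The first `count` values, as a client replaying a conversation derives them."""
    return [counter_value(seed, i) for i in range(count)]


if __name__ == "__main__":
    seed = bytes(range(16))  # constructed; in practice the pre-negotiated random value
    print("chained rand[0] == seed:", chained_value(seed, 0) == seed)
    print("counter rand[5] by index:", counter_value(seed, 5).hex())
    print("counter rand[5] by replay:", counter_stream(seed, 6)[5].hex())
```

Because every party holds the seed, both constructions reconstruct the same rand[n] from a shared sequence number; the counter form does it directly from n rather than by replaying the chain, and a value that leaks in transit does not hand over the rest of the stream.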