Comment by tptacek

2 years ago

It's very unlikely the seeds were random, and they weren't even ostensibly generated from a PRNG, as I understand it. Rather, they were passed through SHA1 (remember: this is the 1990s), as a means to destroy any possible structure in the original seed. The actual seeds themselves aren't my story to tell, but are a story that other people are talking about. For my part, I'll just point again to Koblitz and Menezes on the actual cryptographic problems with the NIST P-curve seed conspiracy:

https://eprint.iacr.org/2015/1018.pdf

A hash function is a (CS)PRNG. It has the key property, namely that of being indistinguishable from randomness while being generated deterministically.

  • In fact, `echo "This is my seed" | openssl sha -sha256` is not really a CSPRNG. Hash functions are the bases of many PRNGs. But I think you're abusing an ambiguity with the word "random" here. At any rate: we should be clear now on the point being made about the P-curve seeds.
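As an added example, not part of the thread above: the "passed through SHA1" step tptacek describes is the ANSI X9.62 A.3.3 / FIPS 186-2 Appendix 6 "verifiably random" procedure, and it is fully reproducible. The code below stretches the published P-256 SEED into the integer r with SHA-1 exactly as that procedure specifies and checks the FIPS 186-2 relation r * b^2 = -27 (mod p) (a = -3 for the NIST prime curves) against the published b. The curve constants are the published P-256 values; the function names are mine.

```python
"""Recompute the SHA-1 seed expansion behind NIST P-256's coefficient b.

Added example for the discussion above; it is not code from the thread.
Procedure: ANSI X9.62 A.3.3 / FIPS 186-2 Appendix 6 (prime case).
Constants: the published P-256 parameters from FIPS 186.
"""
import hashlib

# Published NIST P-256 domain parameters (FIPS 186).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def x962_expand_seed(seed: bytes, p: int) -> int:
    """Deterministically stretch a SEED of g bits into an integer r < p.

    With t = bitlen(p), s = floor((t-1)/160), v = t - 160*s:
      W0 = rightmost v bits of SHA-1(SEED), leftmost bit of those cleared
      Wi = SHA-1((SEED + i) mod 2^g)            for i = 1 .. s
      r  = integer value of W0 || W1 || ... || Ws
    Same seed in, same r out: this is a hash, not a source of entropy.
    """
    g = len(seed) * 8          # 160 for the NIST curves
    t = p.bit_length()
    s = (t - 1) // 160
    v = t - 160 * s

    h = int.from_bytes(sha1(seed), "big")
    w0 = h & ((1 << v) - 1)    # c0: the v rightmost bits of H
    w0 &= ~(1 << (v - 1))      # clear the leftmost bit of c0 so that r < p

    r = w0
    z = int.from_bytes(seed, "big")
    for i in range(1, s + 1):
        zi = (z + i) % (1 << g)
        wi = int.from_bytes(sha1(zi.to_bytes(len(seed), "big")), "big")
        r = (r << 160) | wi
    return r


def b_is_consistent_with_seed(seed: bytes, p: int, b: int, a: int = -3) -> bool:
    """FIPS 186-2 check: r * b^2 == a^3 (mod p); with a = -3 that is -27."""
    r = x962_expand_seed(seed, p)
    return (r * b * b - pow(a, 3, p)) % p == 0


def flip_first_bit(seed: bytes) -> bytes:
    """Helper for the negative test: a seed differing in one bit."""
    return bytes([seed[0] ^ 0x80]) + seed[1:]


if __name__ == "__main__":
    r = x962_expand_seed(P256_SEED, P256_P)
    print("r =", hex(r))
    print("published b matches SEED:", b_is_consistent_with_seed(P256_SEED, P256_P, P256_B))
    print("one-bit-different seed matches:",
          b_is_consistent_with_seed(flip_first_bit(P256_SEED), P256_P, P256_B))
```

What the check proves is narrow: that b was derived from this particular SEED through SHA-1. It says nothing about how the SEED itself was chosen, which is the point the thread (and the Koblitz and Menezes paper linked above) is actually arguing about.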