
Can NSA crack PGP?



>Minor nit: I agree that keystroke timing is good in principle for getting
>"true" random bits, but we should be careful not to extrapolate too much from
>the STU-III for general purpose computer systems.

I fully agree.

>Compounding the issue is knowing which bits in the interarrival time are
>the "hottest" ones to measure on a particular system, which may be surprisingly
>far from the lowest order bits depending on the clock granularity and skew.

I think this is less of a problem. Given a good cryptographic hash
function, I would simply hash *all* of the clock bits, without regard
to which are the "hottest" ones. If (important 'if') there is
sufficient total entropy in the input bits, hashing should effectively
"distill" the input entropy into the output bits.

Phil
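
Added example, not part of the original message: a Python sketch of the approach described above, hashing every bit of each keystroke inter-arrival time instead of selecting the "hottest" bits. The timestamps, the 2^20 ns clock tick, the choice of SHA-256 and the crude entropy estimate are all assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def deltas(timestamps_ns):
    """Inter-arrival times between consecutive keystroke timestamps."""
    return [b - a for a, b in zip(timestamps_ns, timestamps_ns[1:])]

def distill(timestamps_ns):
    """Hash *all* clock bits of every inter-arrival time (64-bit big-endian)."""
    h = hashlib.sha256()
    for d in deltas(timestamps_ns):
        h.update(struct.pack(">Q", d))
    return h.digest()

def low_bits_only(timestamps_ns, nbits=8):
    """Contrast case: keep only the nbits lowest-order bits of each delta."""
    mask = (1 << nbits) - 1
    return bytes(d & mask for d in deltas(timestamps_ns))

def credited_bits(timestamps_ns, out_bits=256):
    """Crude empirical min-entropy of the deltas, capped at the hash width.
    Assumes independent samples; a real estimator must be far more conservative."""
    ds = deltas(timestamps_ns)
    p_max = max(Counter(ds).values()) / len(ds)
    return min(out_bits, math.floor(-math.log2(p_max) * len(ds)))

# Constructed sample data: a coarse clock that only advances in 2**20 ns ticks,
# so the low 20 bits of every reading are always zero.
TICK = 1 << 20

def stamps(ticks):
    t, out = 0, [0]
    for k in ticks:
        t += k * TICK
        out.append(t)
    return out

SESSION_A = stamps([97, 143, 88, 201, 119, 76, 164, 132])
SESSION_B = stamps([121, 84, 190, 67, 155, 102, 93, 178])
STUCK = stamps([100] * 8)  # perfectly regular input: no entropy to distill

if __name__ == "__main__":
    print("low bits A == B:", low_bits_only(SESSION_A) == low_bits_only(SESSION_B))
    print("hash A:", distill(SESSION_A).hex(), "credit", credited_bits(SESSION_A))
    print("hash B:", distill(SESSION_B).hex(), "credit", credited_bits(SESSION_B))
    print("hash stuck:", distill(STUCK).hex(), "credit", credited_bits(STUCK))
```

On the coarse clock the low-order bits are identical for both sessions while the full-width hash separates them; the regular input still yields a random-looking digest but earns zero credited bits, which is the "important 'if'" in the message.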