
There's a hole in your crypto, dear Eliza dear Eliza...



Why are the arguments on either side so emotional?

Because the alleged possible hole is located in the
random number generator portion of the code.

Random number generation (or more precisely, strong PRNG procedures)
is one of the "hot" buttons of this list in general: no matter how
strong the mechanism is, someone can postulate "a weakness in the
code" that produces "weak" PRNs or gigabuck NSA computers that can
reproduce arbitrary PRN streams. And no one can disprove anything.
Because nothing, really, can be "proved" to be random; it's that darn
halting problem again. All we have are "reasonable" expectations,
which aren't reasonable for a subset of the intended user group.

Okay... sometime this week I'll take a long look at the prng routines
in what PGP source code I have.

I'm doing this in order to keep an open mind, _not_ because I expect
to find anything.

Other than the labeled PRNG/RNG routines, what needs to be looked at?

Phil