[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Good Enough?



At 1:24 PM 11/14/95, Derek Atkins wrote:
>Hi.
>
>First, I must warn you that generating keys on behalf of users is in
>general a very bad thing to do.  Instead, you might want to provide a
>simple way for users to generate keys and get them certified.  The
>biggest problem is that there is not an easy way to get a good set of
>random numbers on a server platform.  On the other hand, users can get
>a great deal of randomness on their own client machines.  If they can
>run netscape, then they can run PGP.
....
I don't like to harp on this but you have stated the scenario so clearly,
that I ask:

If  the user cannot trust you to generate keys for him, why should
he trust the code that you provide to him? That code can have
errors like the old Netscape code except planted on purpose so
that the private key is guessable in 2^40 tries.

There are two answers, I think.
   The code is public and the user
   hopes that any flaws will be publicized.

The second is to use keyed information (not timing but character
information) to provide the random seed. That is the idea behind
my post a few weeks ago:
"Using deterministic programs to select private RSA keys"
Some may find that method less hazardous then trusting the culture
of publishing flaws in code.

I can forward that posting to anyone interested.