
Re: Internet Privacy Guaranteed ad (POTP Jr.)

> ...and note that IPG does us the favor of ensuring the keys conform to
> this elaborate battery of statistical tests.  Thus, there are bunches
> of keys that "aren't random enough" and thus not among the set to be
> considered when trying to break one.

I wouldn't fault them on that.  For example, let's say they have a
sample of 1000 bits.  They count the number of 1 bits, and discard
any samples that have less than 450 or more than 550.

They have thrown away a number of bits of entropy here.  Somewhere
between 10 and 100 at a guess -- my combinatorics is nonexistent.
So what?  There are plenty of bits there still.  If they really
are using 5600 bit keys, they can afford to lose some and still be
invulnerable to brute-force attacks.

What they have gained is the knowledge that their random number source
isn't broken.  If your RNG started spewing 0 bits by the thousand would
you say "This stream is just as likely as any other stream that I can
imagine so there is no problem", or "My RNG is broken".  Of course,
in nice mathematical abstractions your RNG never breaks, but we live in
a nasty world of thermal failures and cold solder joints.
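The filter described in the post, together with the exact entropy cost of applying it, as an added example that is not code from the original thread. The 1000-bit samples are constructed inline; the acceptance window of 450 to 550 one-bits is the one given above.

```python
import math

SAMPLE_BITS = 1000
LOW, HIGH = 450, 550  # accept a sample only if its count of 1 bits is in [LOW, HIGH]


def passes_monobit_check(bits):
    """The sanity test from the post: count the 1 bits in a 1000-bit sample
    and reject it when the count falls outside the window."""
    if len(bits) != SAMPLE_BITS:
        raise ValueError("expected exactly %d bits, got %d" % (SAMPLE_BITS, len(bits)))
    ones = sum(bits)
    return LOW <= ones <= HIGH


def acceptance_probability(n=SAMPLE_BITS, low=LOW, high=HIGH):
    """Fraction of all 2**n equiprobable n-bit samples that pass the check:
    sum of C(n, k) for k in [low, high], divided by 2**n (exact integers)."""
    accepted = sum(math.comb(n, k) for k in range(low, high + 1))
    return accepted / 2 ** n


def entropy_lost_bits(n=SAMPLE_BITS, low=LOW, high=HIGH):
    """Key entropy given up by the filter. An attacker who knows the filter
    only has to search the accepted samples, so the search space shrinks by
    a factor of 1/P(accept), i.e. by -log2(P(accept)) bits."""
    return -math.log2(acceptance_probability(n, low, high))


if __name__ == "__main__":
    # Constructed samples: a dead source emitting only zeros, and a
    # perfectly alternating pattern that is a terrible key but has exactly
    # 500 one-bits. The monobit check catches the first and not the second:
    # it detects gross hardware failure, not poor quality.
    dead_source = [0] * SAMPLE_BITS
    alternating = [0, 1] * (SAMPLE_BITS // 2)
    print("all-zero stream passes:", passes_monobit_check(dead_source))
    print("alternating stream passes:", passes_monobit_check(alternating))
    print("P(accept) for a fair source: %.5f" % acceptance_probability())
    print("entropy lost to the filter: %.4f bits" % entropy_lost_bits())
```

The last two figures show how cheap the filter is in key entropy and how much (or little) the rejected set helps an attacker.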