
Re: Security Dynamics



>> Now, if the number changes every minute, that's a little over 10,000
>> samples in a week, certainly enough to determine if they are using
>> weak random number generation.

1) Not true.  I read an article about a pseudorandom number generator
which appeared random to every test they used on it.  Then they went
and did a Monte Carlo simulation of something based on that PRNG.
Guess what?  It wasn't quite random enough.  Lesson: it can be *very*
hard to determine randomness.

2) The sequence is not random.  It is cryptographically pseudorandom.
This is very different.

3) A friend who has a significant math background in crypto stuff has
seen the Security Dynamics algorithms (under non-disclosure), and says
that they're credible.  That vouches for their theory.  That they
insist on programming the cards and keeping the keys themselves, and
that they do not allow you to program the cards yourself, is a major
problem, no matter how good their math is.

		Marc
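
An added example, not part of the original message and not the Security Dynamics algorithm: it applies a digit-frequency chi-square test to a week of one-per-minute codes (the roughly 10,000 samples discussed in the quoted text and in point 1) from two constructed generators, then shows what separates them in the sense of point 2. The LCG constants, seed, HMAC key and six-digit code format are all assumptions chosen for illustration.

```python
import hashlib
import hmac

A, C, M = 1664525, 1013904223, 2**32   # textbook LCG constants (assumed for illustration)
SAMPLES = 7 * 24 * 60                  # one code per minute for a week = 10,080
CHI2_CRIT = 27.88                      # chi-square critical value, 9 d.o.f., p = 0.001

def lcg_codes(seed, n):
    """Weak generator: 6-digit codes taken from the top of a 32-bit LCG state."""
    s, out = seed, []
    for _ in range(n):
        s = (A * s + C) % M
        out.append(s * 10**6 >> 32)
    return out

def hmac_codes(key, n):
    """Keyed generator: HMAC-SHA256 of a minute counter, reduced to 6 digits."""
    return [int.from_bytes(hmac.new(key, i.to_bytes(8, "big"),
                                    hashlib.sha256).digest(), "big") % 10**6
            for i in range(n)]

def digit_chi2(codes):
    """Chi-square statistic for digit frequencies over all zero-padded codes."""
    counts = [0] * 10
    for c in codes:
        for d in f"{c:06d}":
            counts[int(d)] += 1
    expected = sum(counts) / 10
    return sum((k - expected) ** 2 / expected for k in counts)

def predict_from_two(c0, c1, n):
    """Find the LCG state consistent with two consecutive codes, then run it forward."""
    lo = -(-c0 * M // 10**6)            # ceil(c0 * M / 10**6)
    hi = -(-(c0 + 1) * M // 10**6)
    for s in range(lo, hi):             # about 4,295 candidate states
        nxt = (A * s + C) % M
        if nxt * 10**6 >> 32 == c1:
            return lcg_codes(nxt, n)    # the n codes that follow c1
    return None

if __name__ == "__main__":
    weak = lcg_codes(20240229, SAMPLES)                     # constructed seed
    strong = hmac_codes(b"constructed-demo-key", SAMPLES)   # constructed key
    print("chi2 weak  :", round(digit_chi2(weak), 2), "limit", CHI2_CRIT)
    print("chi2 strong:", round(digit_chi2(strong), 2), "limit", CHI2_CRIT)
    print("predicted  :", predict_from_two(weak[0], weak[1], 5))
    print("actual     :", weak[2:7])
```

Both streams stay under the chi-square limit, yet every later code of the LCG stream follows from two observed ones, while the keyed stream offers no such shortcut without the key.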