
Re: Can NSA crack PGP?



> I think this is less of a problem. Given a good cryptographic hash
> function, I would simply hash *all* of the clock bits, without regard
> to which are the "hottest" ones. If (important 'if') there is
> sufficient total entropy in the input bits, hashing should effectively
> "distill" the input entropy into the output bits.

True.  In fact, PGP does this.  However, the problem is knowing how
much raw data you need in order to get enough entropy into the system.
That is the hardest part.  For example, say that only one bit is
random for every 8 you get.  That is very different than if 6
of the 8 bits were truly random.  And each machine-type is different!

Yes, you don't really need to know which bits are the hot-bits, but
you need to know how many hot-bits/byte you have, and this is machine
specific.  You could always deal worst-case, in which you assume the
worst machine-type and on machines with better hot-bit ratios you just
get extra entropy.  (That never hurts).

-derek
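
The sizing problem discussed in this message, as an added example that is not part of the original post or of PGP's code: estimate the hot bits per clock byte for each machine type, budget the number of samples from the worst one, then hash all collected bytes. The machine names, the sample data and the 128-bit target are constructed assumptions, and the estimator assumes independent samples.

```python
import hashlib
import math
from collections import Counter

def min_entropy_per_sample(samples):
    """Most-common-value estimate, -log2(p_max), in bits per sample.
    Assumes independent samples; correlated samples carry less entropy."""
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)

def samples_needed(target_bits, bits_per_sample):
    """How many raw samples must be collected to reach target_bits."""
    if bits_per_sample <= 0:
        raise ValueError("source shows no entropy; target cannot be met")
    return math.ceil(target_bits / bits_per_sample)

def worst_case_budget(profiles, target_bits):
    """Size the collection for the machine type with the fewest hot bits.
    Machines with a better ratio simply contribute extra entropy."""
    worst = min(min_entropy_per_sample(s) for s in profiles.values())
    return samples_needed(target_bits, worst)

def distill(samples, budget):
    """Hash *all* sample bytes, hot or not, once the budget is met."""
    if len(samples) < budget:
        raise ValueError(f"need {budget} samples, have {len(samples)}")
    return hashlib.sha256(bytes(samples)).digest()

# Constructed clock bytes (not real measurements), chosen so the
# estimates come out exact: machine_a varies only in its low bit,
# machine_b varies in its low six bits.
PROFILES = {
    "machine_a": [0xA0 | (i & 0x01) for i in range(256)],
    "machine_b": [0x80 | (i & 0x3F) for i in range(256)],
}

if __name__ == "__main__":
    target = 128  # assumed target: bits of entropy wanted in the pool
    for name, data in PROFILES.items():
        h = min_entropy_per_sample(data)
        print(f"{name}: {h:.1f} bits/byte -> {samples_needed(target, h)} bytes")
    budget = worst_case_budget(PROFILES, target)
    print("worst-case budget:", budget, "bytes")
    print("seed:", distill(PROFILES["machine_a"][:budget], budget).hex())
```

A frequency count like this can only overestimate a source whose samples are correlated, so a measured figure is best treated as an upper bound when setting the budget.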