[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Using deterministic programs to select private RSA keys.
[email protected](Norman Hardy) writes:
Much has been said recently here about how to produce truly random
primes.
[snip]
The protocol is to accept a sequence of key strokes for printable
ASCII characters.
[snip]
I suggest that if you capture the time in microseconds between
keystrokes and insert the least significant 8 bits between the
corresponding characters (i. e. <letter1> <time2 - time1> <letter2>
<time3 - time2> <letter3> ... <letter nnn> <time until double CR -
time nnn>) and MD5 the set of values, the resulting "random" value
will be different for both people who type different input texts as
well as those people who type the same input text.
It is important to be sure that you are accessing a true microsecond
clock (or other high resolution clock). For example, in the IBM PC
architecture, the clock tic (basic time interrupt) is one per 18.2
milliseconds or 55 interrupts per second. If you were using the clock
tic rate and a highly trained typist with a regular typing rate, the
interspersed time values might show a consistent set of values. On
the other hand, use of a microsecond clock eliminates this problem.
As regards the observation that MD5 produces only a 128 bit result,
you could call MD5 after each nn values (at least 16) have been
entered. In that way a few lines of input and associated timing
values could easily generate a value of the same order of magnitude as
the number of 1K primes.
Martin G. Diehl