-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks@toad.com and Christian Wettergren <cwe@Csli.Stanford.EDU>

Christian Wettergren wrote:
> ...
> One wild idea that I just got was to have servers and clients exchange
> random numbers (not seeds of course), in a kind of chaining way. Since ...

Okay, that doesn't sound so hard...

Have a look at http://www.cs.monash.edu.au/cgi-bin/cgiwrap/~jirib/random?RandValue
where you replace RandValue by any text string.

Please do not try to break the implementation, I *know* you can overrun
buffers, use shell metacharacters and generally stuff around. Just don't,
OK? Thanks.

Feel free to try to break the algorithm, though.

> Problems:
> * watch out for "multiply by zero" attacks by a rogue server/client.
> * watch out for "almost singular values" in the same way.

Don't know about these...

> * only let one source contribute a certain amount of randomness, like
>   (key length)/(aver # of peers).

Well I don't keep track of entropy, so that doesn't apply, does it...

> * never reveal your current seed, only a non-trivially derived random
>   value from it. (of course)

I reveal md5 hash of my seed only.

> * make sure your initial seed is good enough, or the whole thing is broken.

Well, entropy put in must be greater than entropy used or lost through
cracked connections. (I.e. not just "initial", also entropy put in along
the way.) I fail this point either way.

> * perhaps save part of the previous session state into a protected file,
>   to be able to keep up the quality of the initial seed.

Yup, I do that (though "quality" would be quite a bit of a euphemism, and
the file is hardly protected at all).

Have fun!

Jiri
- --
<jirib@cs.monash.edu.au> <jiri@melb.dialix.oz.au>
PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGDnpixV6mvvBgf5AQEExQQAsqCTmTOI0aT7YBnCsYyvEp0y3gWFFZdf
qbG5wvpFGvJMvRxn8A61AEeX0CkQ7ZLVDwAo4K6N+SGMeXDWKkUtHRBS1cHomgJP
Kf98rFxHXp3SS1eXUKEyzlcY0zkXQ4wunR7nsBAlvVVPcexINZ2++2bFKyyUKNTm
KZ39Fj1TEf4=
=oC33
-----END PGP SIGNATURE-----