blaster@kiae.su writes:
Hello!
Today I saw paraphysics randomizer in pgp: pgp -kg was run; it ask me about user id and passphrase; then it run generation (it wrote like this: ............ ++++);
But, as we see, it did not ask about key typing!!! The most intresting pgp generate key pair and rendseed.bin-file. I thinck this is related to new topsecret paraphysics randomyser (today is 13.10.93).:) Some words about technical ditails: Hardwate - i486; Software - MS-DOS 3v30 (I boot from protected floppy and ran good antivitus utility before keypair generation). PGP 2v3a was run. I have expiriance in pgp (i maintain pgp-keys server).
I keep keypair and randseed file and try to repiad this fantastic result, but paraphysic energy is go out :).
Mr. Zimmermann, I hope, that this was really paraphysic (or my mistake:(), because the trust to crypt-program is very unstable thing.
This is not a bug. PGP times your keystrokes when you type your key id and passphrase, using the timing information for randomness. If it gets enough randomness from these keystrokes (i.e. if you type a long id and passphrase), it does not need you to type randomly because it already has enough random material to generate the key. You can re-create this by choosing a short (384-bit) key, typing a long id and passphrase, and typing slowly so that PGP gets a good random byte from each keystroke. This does not make the key predictable or cause a loss of security. ------------------------------------------------------------------------- an42035@anon.penet.fi, writer of "FLAME: breaking DES": anon wrote: (a rather crude and profane personal attack against Perry Metzger, which I have no intention of echoing) Anonymous personal attacks usually say more about the attacker than about the target. This one is no exception. You have a lot of nerve to talk about Perry's "balls" when you don't even have the "balls" to sign your name to your flame against him. This attack is at about the same cowardly level as most bathroom-wall graffiti. P.S. Go ahead and flame me. My address is "mikeingle@delphi.com", make sure you spell it right. The longer and more venomous your flame, the bigger idiot you reveal yourself to be for wasting all that time in taking an anonymous potshot at someone.