VACCINIA@UNCVX1.OIT.UNC.EDU wrote:
The text that I typed as an example (not an actual PGP message) does seem to have many repeating characteristics; I wonder if this affects the generation of PGP keys? If Matt tends to hit 'sadf' alot, maybe it happens with others as well. Perhaps random typing is not as random as one might think. Could this be true for both letters and keystroke time? What would be the consequences of this for key generation?
Actually, as you learn to type certain words or phrases very well, your keystrokes do become very regular. Many years ago, (around 1988 or so) there was a popular online game called Spacer's Quest, which used keyboard timings for random numbers. Many people who played the game regularly started noticing that they would repeatedly find the same things in the same places, even tho it was supposed to be random, because they were habitually responding to the prompts almost the same way every time. However, I suspect that this was an extreme example, since the anti-random effect was intensified by slow modems, which could not convey timing differences of less than 1/240 of a second at 2400 bps or no less than 1/120 of a second at 1200 bps. This probably would not happen with PGP, because on the local console you could measure timing differences of a few millionths of a second (well, at least less than a thousandth of a second), and it is very difficult to be that precise in typing something the same way twice. Besides, even if your typing caused the same public key to be generated twice (highly unlikely), that doesn't help anybody else generate it.