geeman@best.com[SMTP:geeman@best.com] writes: Another thinking step: most real-world DES keys are derived from hashes. Not (P)RNGs. The distributions are **not** uniform. Oh?? I am talking about FAMILIES of predictable bit patterns in keys, not any specific pattern. I'm doing the stats. [...snip...]

If you've discovered significant biases in MD5, or some other crypto-strength hash, that could be exploited to speed a keyspace search, that would be newsworthy indeed. I'm skeptical, but please share your results with us. [For context, Mike McNally wrote, in part]

[...] a good 32-bit CSPRNG has only a 1/2^32 chance of producing any particular bit pattern. Of course, another way of saying that is that it's just as likely to get an "obvious" bit pattern as it is to get any other one. You can't just throw away part of the keyspace based on such bogus reasoning. (There may be other reasons to throw away part of the keyspace, of course.)

Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny@Inference.com | 36 07 D9 33 3D 32 53 9C ======================================================================