There's a hole in your crypto, dear Eliza dear Eliza...

Phil Fraering pgf at tyrell.net
Mon Jul 31 20:58:44 PDT 1995


Why are the arguments on either side so emotional?

Because the alleged possible hole is located in the
random number generator portion of the code.

Random number generation (or more precisely, strong PRNG procedures)
is one of the "hot" buttons of this list in general: no matter how
strong the mechanism is, someone can postulate "a weakness in the
code" that produces "weak" PRNs or gigabuck NSA computers that can
reproduce arbitrary PRN streams. And no one can disprove anything.
Because nothing, really, can be "proved" to be random; it's that darn
halting problem again. All we have are "reasonable" expectations,
which aren't reasonable for a subset of the intended user group.

Okay... sometime this week I'll take a long look at the prng routines
in what PGP source code I have.

I'm doing this in order to keep an open mind, _not_ because I expect
to find anything.

Other than the labeled PRNG/RNG routines, what needs to be looked at?

Phil






