Internet Privacy Guaranteed ad (POTP Jr.)

SINCLAIR DOUGLAS N sinclai at ecf.toronto.edu
Thu Feb 22 09:31:43 PST 1996


> ...and note that IPG does us the favor of ensuring the keys conform to
> this elaborate battery of statistical tests.  Thus, there are bunches
> of keys that "aren't random enough" and thus not among the set to be
> considered when trying to break one.

I wouldn't fault them on that.  For example, let's say they have a
sample of 1000 bits.  They count the number of 1 bits, and discard
any samples that have less than 450 or more than 550.

They have thrown away a number of bits of entropy here.  Somewhere
between 10 and 100 at a guess -- my combinatorics is nonexistent.
So what?  There are plenty of bits there still.  If they really
are using 5600 bit keys, they can afford to lose some and still be
invulnerable to brute-force attacks.

What they have gained is the knowledge that their random number source
isn't broken.  If your RNG started spewing 0 bits by the thousand would
you say "This stream is just as likely as any other stream that I can
imagine so there is no problem", or "My RNG is broken".  Of course,
in nice mathematical abstractions your RNG never breaks, but we live in
a nasty world of thermal failures and cold solder joints.
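As an added worked example (not part of the original post or of the IPG product): the entropy cost of a popcount window filter like the 450..550 one described above can be counted exactly, since every n-bit string is equally likely from an ideal source and rejection just shrinks the set of strings that survive. The block computes that cost for the 1000-bit case, then runs the filter itself over constructed samples: a dead source emitting only zeros, a balanced pattern, and output from the OS CSPRNG. The parameters N, LO, HI and the helper names are illustrative; it needs Python 3.8+ for math.comb.

```python
import math
import secrets


def accepted_count(n, lo, hi):
    """Number of n-bit strings whose popcount (count of 1 bits) is in [lo, hi]."""
    return sum(math.comb(n, k) for k in range(lo, hi + 1))


def entropy_loss_bits(n, lo, hi):
    """Bits of entropy given up by discarding every n-bit sample whose
    popcount falls outside [lo, hi].

    An ideal source emits each of the 2**n strings with equal probability.
    After rejection only accepted_count(n, lo, hi) strings remain, so the
    loss is log2(2**n) - log2(accepted) = n - log2(accepted).  math.log2
    accepts arbitrary-precision ints, so n = 1000 is handled exactly.
    """
    return n - math.log2(accepted_count(n, lo, hi))


def popcount(sample):
    """Number of 1 bits in a byte string."""
    return sum(bin(b).count("1") for b in sample)


def popcount_filter_ok(sample, lo, hi):
    """The health check itself: accept the sample iff its popcount is in [lo, hi]."""
    return lo <= popcount(sample) <= hi


if __name__ == "__main__":
    N, LO, HI = 1000, 450, 550          # illustrative parameters
    loss = entropy_loss_bits(N, LO, HI)
    print(f"{N}-bit samples, accept popcount in [{LO}, {HI}]:")
    print(f"  fraction accepted: {accepted_count(N, LO, HI) / 2**N:.6f}")
    print(f"  entropy lost:      {loss:.4f} bits")
    print(f"  entropy kept:      {N - loss:.4f} bits")

    # Constructed samples, not real hardware RNG output: a dead source that
    # only emits zeros, a hand-built balanced pattern, and the OS CSPRNG.
    dead_source = bytes(N // 8)               # 125 zero bytes -> popcount 0
    balanced = bytes([0xAA] * (N // 8))       # 4 ones per byte -> popcount 500
    live = secrets.token_bytes(N // 8)
    for name, s in [("dead", dead_source), ("balanced", balanced), ("os csprng", live)]:
        ok = popcount_filter_ok(s, LO, HI)
        print(f"  {name:10s} popcount={popcount(s):4d} accepted={ok}")
```

The all-zero sample is exactly as probable as any other specific 1000-bit string from an ideal source, which is the point the message makes: the filter is not there to improve the statistics of good keys, it is there to notice a source that has stopped being a source. Tightening the window is what costs entropy; accepting only an exact popcount of 500 drops several bits, while the wide window drops a small fraction of a bit.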