Truly Random Numbers

Adam Shostack adam at lighthouse.homeport.org
Sat Mar 2 12:20:06 PST 1996


A. Padgett Peterson P.E. Information Security wrote:

| >The number of randomly selected 768 bit primes that you would need for a
| >reasonable chance of a birthday collision is 1.708E104
| 
| True however the current mechanism of generating PGP keys which consists 
| primarily of pseudo-randomly pounding on a keyboard is hardly "truly random."
| 
| Have no idea of the true number but expect it to be significantly less than
| that quoted above, even for a 1024 bit key like mine.

	According to Stephan Neuhaus's 'Statistical Properties of IDEA
session keys in PGP,' the session keys are very well distributed, when
tested for equidistribution and serial correlation.

	This does not demonstrate that the RSA keys are as well
distributed, but it does generate some confidence that the key
generation methods of PGP are not very broken.  Testing for RSA
generation would be more difficult, since there are some practical
difficulties in getting a large sample of RSA private keys.

Stephan Neuhaus is neuhaus at informatik.uni-kl.de.  He has a long (24
page), and short (8? page) version of the paper available.


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
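
The two kinds of test named in the message above (equidistribution and serial correlation), as an added example that is not part of the original post and is not the method of the Neuhaus paper. It assumes a byte-level chi-square test, a lag-1 correlation coefficient, thresholds chosen here, and constructed sample keys rather than real PGP output.

```python
import hashlib
import math

KEY_BYTES = 16  # IDEA session keys are 128 bits

def sample_keys(n, weak=False):
    """Constructed, deterministic sample of n keys (not real PGP output)."""
    keys = []
    for i in range(n):
        k = hashlib.sha256(b"constructed-sample-%d" % i).digest()[:KEY_BYTES]
        if weak:
            # Biased stand-in source: every byte folded into printable ASCII.
            k = bytes(0x20 + b % 95 for b in k)
        keys.append(k)
    return keys

def chi_square_z(keys):
    """Equidistribution: chi-square over byte values (255 degrees of freedom),
    returned as a z-score using the normal approximation (mean 255, var 510)."""
    counts = [0] * 256
    for k in keys:
        for b in k:
            counts[b] += 1
    expected = sum(counts) / 256
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    return (chi2 - 255) / math.sqrt(2 * 255)

def serial_correlation(keys):
    """Lag-1 serial correlation coefficient of the concatenated key bytes."""
    data = b"".join(keys)
    mean = sum(data) / len(data)
    num = sum((a - mean) * (b - mean) for a, b in zip(data, data[1:]))
    den = sum((x - mean) ** 2 for x in data)
    return num / den

def assess(keys, z_limit=5.0, corr_limit=0.02):
    """Return (equidistributed, uncorrelated) under the assumed thresholds."""
    return (abs(chi_square_z(keys)) <= z_limit,
            abs(serial_correlation(keys)) <= corr_limit)

if __name__ == "__main__":
    for label, weak in (("hash-derived", False), ("ASCII-folded", True)):
        keys = sample_keys(4096, weak)
        print(label, round(chi_square_z(keys), 2),
              round(serial_correlation(keys), 4), assess(keys))
```

The ASCII-folded sample fails the equidistribution check while its bytes remain serially independent, which is why the two tests are reported separately.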






