From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Thu, 14 Oct 93 17:30:00 PDT
To: cypherpunks@toad.com
Subject: Re: SADF
In-Reply-To: <01H43RKY0IVM000NKJ@UNCVX1.OIT.UNC.EDU>
Message-ID: <QgjSswq00awVAXWWAi@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


VACCINIA@UNCVX1.OIT.UNC.EDU wrote:

> The text that I typed as an example (not an actual PGP message) does
> seem to have many repeating characteristics; I wonder if this affects the
> generation of PGP keys? If Matt tends to hit 'sadf' alot, maybe it
> happens with others as well. Perhaps random typing is not as random
> as one might think. Could this be true for both letters and keystroke
> time? What would be the consequences of this for key generation?

Actually, as you learn to type certain words or phrases very well, your
keystrokes do become very regular.  Many years ago, (around 1988 or so)
there was a popular online game called Spacer's Quest, which used
keyboard timings for random numbers.  Many people who played the game
regularly started noticing that they would repeatedly find the same
things in the same places, even tho it was supposed to be random,
because they were habitually responding to the prompts almost the same
way every time.  However, I suspect that this was an extreme example,
since the anti-random effect was intensified by slow modems, which could
not convey timing differences of less than 1/240 of a second at 2400 bps
or no less than 1/120 of a second at 1200 bps.
This probably would not happen with PGP, because on the local console
you could measure timing differences of a few millionths of a second
(well, at least less than a thousandth of a second), and it is very
difficult to be that precise in typing something the same way twice. 
Besides, even if your typing caused the same public key to be generated
twice (highly unlikely), that doesn't help anybody else generate it.