cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1993-10-14 - Re: New aproach in pgp-randomizer!!!

Header Data

From: Mike Ingle <MIKEINGLE@delphi.com>
To: cypherpunks@toad.com
Message Hash: c30c0447b8ce39a5bf92c99e833c40fc55ffd01f24114043909313c0d9da6eab
Message ID: <01H432GVY4HE91XV2I@delphi.com>
Reply To: N/A
UTC Datetime: 1993-10-14 05:36:53 UTC
Raw Date: Wed, 13 Oct 93 22:36:53 PDT

Raw message

From: Mike Ingle <MIKEINGLE@delphi.com>
Date: Wed, 13 Oct 93 22:36:53 PDT
To: cypherpunks@toad.com
Subject: Re: New aproach in pgp-randomizer!!!
Message-ID: <01H432GVY4HE91XV2I@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


blaster@kiae.su writes:

>Hello!

>Today I saw paraphysics randomizer in pgp:
>pgp -kg was run;
>it ask me about user id and passphrase;
>then it run generation (it wrote like this: ............ ++++);

>But, as we see, it did not ask about key typing!!! The most intresting
>pgp generate key pair and rendseed.bin-file. I thinck this is related to
>new topsecret paraphysics randomyser (today is 13.10.93).:)
>Some words about technical ditails:
>Hardwate - i486; Software - MS-DOS 3v30 (I boot from protected floppy and
>ran good antivitus utility before keypair generation). PGP 2v3a was run.
>I have expiriance in pgp (i maintain pgp-keys server).

>I keep keypair and randseed file and try to repiad this fantastic result,
>but paraphysic energy is go out :).

>Mr. Zimmermann, I hope, that this was really paraphysic (or my mistake:(),
>because the trust to crypt-program is very unstable thing.

This is not a bug. PGP times your keystrokes when you type your
key id and passphrase, using the timing information for randomness.
If it gets enough randomness from these keystrokes (i.e. if you type
a long id and passphrase), it does not need you to type randomly
because it already has enough random material to generate the key.
You can re-create this by choosing a short (384-bit) key, typing a
long id and passphrase, and typing slowly so that PGP gets a good
random byte from each keystroke. This does not make the key predictable
or cause a loss of security.

-------------------------------------------------------------------------

an42035@anon.penet.fi, writer of "FLAME: breaking DES":

anon wrote: (a rather crude and profane personal attack against
             Perry Metzger, which I have no intention of echoing)

Anonymous personal attacks usually say more about the attacker than
about the target. This one is no exception. You have a lot of nerve to talk
about Perry's  "balls" when you don't even have the "balls" to sign your
name to your flame against him. This attack is at about the same cowardly
level as most bathroom-wall graffiti.

P.S. Go ahead and flame me. My address is "mikeingle@delphi.com", make
sure you spell it right. The longer and more venomous your flame, the
bigger idiot you reveal yourself to be for wasting all that time in
taking an anonymous potshot at someone.

Thread