1995-09-21 - Exchange random numbers (was: Re: netscape’s response)

Header Data

From: Jiri Baum <jirib@cs.monash.edu.au>
To: cwe@Csli.Stanford.EDU (Christian Wettergren)
Message Hash: d3ba220e4c410b40d8e04d3c53f3afe5fd0482e11a4c71f023025f7b5d3c2685
Message ID: <199509210419.OAA28994@molly.cs.monash.edu.au>
Reply To: <199509200729.AAA24565@Csli.Stanford.EDU>
UTC Datetime: 1995-09-21 04:23:36 UTC
Raw Date: Wed, 20 Sep 95 21:23:36 PDT

Raw message

From: Jiri Baum <jirib@cs.monash.edu.au>
Date: Wed, 20 Sep 95 21:23:36 PDT
To: cwe@Csli.Stanford.EDU (Christian Wettergren)
Subject: Exchange random numbers (was: Re: netscape's response)
In-Reply-To: <199509200729.AAA24565@Csli.Stanford.EDU>
Message-ID: <199509210419.OAA28994@molly.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks@toad.com
  and Christian Wettergren <cwe@Csli.Stanford.EDU>
 
Christian Wettergren wrote:
...
> One wild idea that I just got was to have servers and clients exchange
> random numbers (not seeds of course), in a kind of chaining way. Since
...

Okay, that doesn't sound so hard...

Have a look at
http://www.cs.monash.edu.au/cgi-bin/cgiwrap/~jirib/random?RandValue
where you replace RandValue by any text string.

Please do not try to break the implementation, I *know* you can overrun
buffers, use shell metacharacters and generally stuff around.
Just don't, OK? Thanks.

Feel free to try to break the algorithm, though.


> Problems:
> * watch out for "multiply by zero" attacks by a rogue server/client.
> * watch out for "almost singular values" in the same way.

Don't know about these...

> * only let one source contribute a certain amount of randomness, like
>   (key length)/(aver # of peers).

Well I don't keep track of entropy, so that doesn't apply, does it...

> * never reveal your current seed, only a non-trivially derived random 
>   value from it. (of course)

I reveal the MD5 hash of my seed only.

> * make sure your initial seed is good enough, or the whole thing is
>   broken.

Well, entropy put in must be greater than entropy used or lost through
cracked connections. (I.e. not just "initial", also entropy put in along
the way.)

I fail this point either way.

> * perhaps save part of the previous session state into a protected
>   file, to be able to keep up the quality of the initial seed.

Yup, I do that (though "quality" would be quite a bit of a euphemism, and
the file is hardly protected at all).


Have fun!

Jiri
- --
<jirib@cs.monash.edu.au>     <jiri@melb.dialix.oz.au>     PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGDnpixV6mvvBgf5AQEExQQAsqCTmTOI0aT7YBnCsYyvEp0y3gWFFZdf
qbG5wvpFGvJMvRxn8A61AEeX0CkQ7ZLVDwAo4K6N+SGMeXDWKkUtHRBS1cHomgJP
Kf98rFxHXp3SS1eXUKEyzlcY0zkXQ4wunR7nsBAlvVVPcexINZ2++2bFKyyUKNTm
KZ39Fj1TEf4=
=oC33
-----END PGP SIGNATURE-----
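The scheme the two posters are discussing, written out as an added illustration after the message (this is not Jiri Baum's CGI script, whose source is not on the page, and not code from the thread). It puts a hypothetical multiplicative chaining rule next to a hash-chained pool so that Christian Wettergren's "multiply by zero" and "almost singular values" warnings, the per-peer credit cap of (key length)/(average number of peers), the "reveal only a derived value" rule and the session carry-over file can each be checked. The 64-bit modulus, the `HashPool`/`exchange` names, the `key_bits`/`expected_peers` parameters and the `reveal:`/`persist:` domain labels are all assumptions of this example; MD5 is used because that is what the post says it uses, and a modern pool would use SHA-256 or a standard DRBG.

```python
import hashlib
import os

MASK64 = (1 << 64) - 1


def multiplicative_mix(state: int, contribution: int) -> int:
    """Naive chaining: fold a peer's 64-bit value into the state by
    multiplication modulo 2**64. Hypothetical scheme, included only to
    show what the "multiply by zero" / "almost singular" warnings mean."""
    return (state * contribution) & MASK64


def trailing_zero_bits(x: int) -> int:
    """Low-order zero bits of a 64-bit state; each one is a bit of state
    that a power-of-two contribution has shifted out of existence."""
    if x == 0:
        return 64
    n = 0
    while x & 1 == 0:
        x >>= 1
        n += 1
    return n


def rogue_peer_outcome(state_a: int, state_b: int, rogue_values: list) -> tuple:
    """Two honest parties with different secret states both chain in the
    same rogue peer's contributions. Returns their final states."""
    for v in rogue_values:
        state_a = multiplicative_mix(state_a, v)
        state_b = multiplicative_mix(state_b, v)
    return state_a, state_b


class HashPool:
    """Hash-chained pool in the spirit of the post: the seed itself is never
    sent, only an MD5-derived value (MD5 as in the post; use SHA-256 today)."""

    def __init__(self, seed: bytes, key_bits: int = 128, expected_peers: int = 4):
        self._seed = seed
        # per-peer cap on credited randomness: (key length) / (average # of peers)
        self._cap = key_bits // expected_peers
        self._credit = {}

    def absorb(self, peer_id: str, value: bytes) -> int:
        """Mix a peer's value in. Because new_seed = MD5(old_seed || value),
        a peer that only ever saw revealed values cannot cancel the old seed,
        whatever it sends (zeros included). Returns the bits credited. The
        counter bounds each peer's share of the credit; it cannot tell a
        random value from a rogue's zeros, which is the accounting gap the
        post admits to ("I don't keep track of entropy")."""
        self._seed = hashlib.md5(self._seed + value).digest()
        before = self._credit.get(peer_id, 0)
        after = min(self._cap, before + 8 * len(value))
        self._credit[peer_id] = after
        return after - before

    def credited_bits(self) -> int:
        return sum(self._credit.values())

    def reveal(self) -> bytes:
        """What goes on the wire: a value derived from the seed, not the seed."""
        return hashlib.md5(b"reveal:" + self._seed).digest()

    def export_state(self) -> bytes:
        """Session carry-over, derived so the live seed is not what sits on disk."""
        return hashlib.md5(b"persist:" + self._seed).digest()

    def save_state(self, path: str) -> None:
        """Write the carry-over value with mode 0600: the 'protected file' item."""
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(self.export_state())


def exchange(client: HashPool, server: HashPool) -> tuple:
    """One round of the chaining exchange: each side sends its derived value
    and absorbs the other's. Neither side learns the other's seed."""
    from_client = client.reveal()
    from_server = server.reveal()
    server.absorb("client", from_client)
    client.absorb("server", from_server)
    return from_client, from_server


if __name__ == "__main__":
    # constructed sample states; a real pool would start from a saved file plus fresh input
    print("multiplicative, rogue sends 0:", rogue_peer_outcome(0x1234, 0xABCD, [0]))
    a, b = HashPool(b"A" * 16), HashPool(b"B" * 16)
    a.absorb("rogue", b"\x00" * 16)
    b.absorb("rogue", b"\x00" * 16)
    print("hash pool, rogue sends zeros, states still differ:", a.reveal() != b.reveal())
```

Under multiplicative chaining a single zero from a rogue peer zeroes every honest party's state and a power-of-two contribution silently discards that many bits of it; under the hash chain the rogue's zeros are absorbed and the parties' states stay distinct and unpredictable to it. The credit counter only limits how much a single peer can count towards the key-length budget; it does not make the zeros random, so the seed that the file carries over must already be good, exactly as the post's "initial seed" point says.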