1996-02-22 - Re: Internet Privacy Guaranteed ad (POTP Jr.)

Header Data

From: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
To: m5@dev.tivoli.com (Mike McNally)
Message Hash: c1af0df90aa6bd691e1e71bd953882b07f4cd130f154833cf8bec6a5fdda60ba
Message ID: <96Feb22.110840edt.10494@cannon.ecf.toronto.edu>
Reply To: <9602221320.AA16955@alpha>
UTC Datetime: 1996-02-22 17:31:43 UTC
Raw Date: Fri, 23 Feb 1996 01:31:43 +0800

Raw message

From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Fri, 23 Feb 1996 01:31:43 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602221320.AA16955@alpha>
Message-ID: <96Feb22.110840edt.10494@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> ...and note that IPG does us the favor of ensuring the keys conform to
> this elaborate battery of statistical tests.  Thus, there are bunches
> of keys that "aren't random enough" and thus not among the set to be
> considered when trying to break one.

I wouldn't fault them on that.  For example, let's say they have a
sample of 1000 bits.  They count the number of 1 bits, and discard
any samples that have less than 450 or more than 550.

They have thrown away a number of bits of entropy here.  Somewhere
between 10 and 100 at a guess -- my combinatorics is nonexistant.
So what?  There are plenty of bits there still.  If they really
are using 5600 bit keys, they can afford to lose some and still be
invulnerable to brute-force attacks.

What they have gained is the knowledge that their random number source
isn't broken.  If your RNG started spewing 0 bits by the thousand would
you say "This stream is just as likely as any other stream that I can
imagine so there is no problem", or "My RNG is broken".  Of course,
in nice mathematical abstractions your RNG never breaks, but we live in
a nasty world of thermal failiures and cold solder joints.





Thread