1993-04-13 - Security Dynamics

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 560ef01caec83e8a73b62ea986380412e329661a6b62581bfeb759489d80f57a
Message ID: <9304131525.AA14338@soda.berkeley.edu>
Reply To: <9304130302.AA02654@pad-thai.aktis.com>
UTC Datetime: 1993-04-13 15:29:10 UTC
Raw Date: Tue, 13 Apr 93 08:29:10 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Tue, 13 Apr 93 08:29:10 PDT
To: cypherpunks@toad.com
Subject: Security Dynamics
In-Reply-To: <9304130302.AA02654@pad-thai.aktis.com>
Message-ID: <9304131525.AA14338@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


>>> Now, if the number changes every minute, that's a little over 10,000
>>> samples in a week, certainly enough to determine if they are using
>>> weak random number generation.

>1) not true.  I read an article about a pseudorandom number generator
>which appeared random to every test they used on it.  [...] Lesson:
>it can be *very* hard to determine randomness.

The experiment I was proposing would possibly answer 'yes' to the
question "Is the number generation weak?"  It would not say how strong
it was, or even if it was strong.  It would, however, give some lower
bound on its strength or else show that it was in fact not very strong
at all.

>2) The sequence is not random.  It is cryptographically pseudorandom.
>This is very different.

Since we are talking about a device in which a sequence is duplicated
on two ends, I did not feel the need to belabor the difference between
pseudorandom and random.  The context makes it clear that this can't
be a random device based on a physically random process.

>3) A friend who has a significant math background in crypto stuff has
>seen the Security Dynamics algorithms (under non-disclosure), and says
>that they're credible.  

That bit of information may mean that a 10^4 sample test is not worth
doing.

>That vouches for their theory.  

That changes our trust from no trust at all into trust in your friend's
ability and your assessment of it. :-)

>That they
>insist on programming the cards and keeping the keys themselves, and
>that they do not allow you to program the cards yourself, is a major
>problem, no matter how good their math is.

Granted.  Their keeping the keys is worth, say, using a linear
congruential generator (or worse) in terms of overall security.

I was merely curious as to whether they were fools on all fronts, as
opposed just to the secrecy front.

Eric
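
The week-long sampling experiment argued over above, as an added example that is not part of the original message or any vendor's code: three toy six-digit code generators (two linear congruential generators and an HMAC-over-minute-counter stand-in for a keyed design, none of them the Security Dynamics algorithm) each produce 10,080 codes, one per minute for a week, and are run through two cheap statistical checks. The constants, seeds and key are constructed for the demonstration. The power-of-two-modulus LCG is caught at once by the parity test; the prime-modulus LCG and the HMAC generator both pass, which illustrates the point both sides make: a failed test proves weakness, a passed test only sets a lower bound, and the prime-modulus LCG remains a non-cryptographic generator with a 31-bit state even though these tests cannot tell it apart from the keyed one.

```python
"""Statistical screening of a week of minute-resolution token codes.

Added example, not from the original thread.  All generators, constants,
seeds and keys here are constructed for the demonstration.
"""
import hashlib
import hmac
from collections import Counter

MINUTES_PER_WEEK = 7 * 24 * 60   # 10,080 samples, the figure quoted in the thread
CODE_SPACE = 10 ** 6             # six-digit display, 000000..999999
CHI2_CRIT_9DF_P001 = 27.877      # chi-square critical value, 9 d.o.f., p = 0.001


def lcg_pow2_codes(seed: int, n: int) -> list[int]:
    """LCG with a power-of-two modulus (glibc-style constants, used raw).

    With a and c both odd and an even modulus, the state's low bit
    alternates 0,1,0,1,...; because 10**6 is even, the six-digit code
    inherits that parity, so adjacent codes always differ in parity.
    """
    a, c, m = 1103515245, 12345, 2 ** 31
    codes, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        codes.append(x % CODE_SPACE)
    return codes


def lcg_prime_codes(seed: int, n: int) -> list[int]:
    """Lehmer / Park-Miller 'minimal standard' LCG, prime modulus 2**31 - 1.

    Its output passes simple tests, but the whole generator is a single
    31-bit state driven by a public recurrence, so it is not a keyed or
    cryptographic design.
    """
    a, m = 16807, 2 ** 31 - 1
    codes, x = [], seed % m or 1
    for _ in range(n):
        x = (a * x) % m
        codes.append(x % CODE_SPACE)
    return codes


def hmac_counter_codes(key: bytes, n: int) -> list[int]:
    """Keyed stand-in for a sound design (constructed, not the vendor's
    algorithm): HMAC-SHA1 over the minute counter, truncated to six digits."""
    codes = []
    for minute in range(n):
        mac = hmac.new(key, minute.to_bytes(8, "big"), hashlib.sha1).digest()
        codes.append(int.from_bytes(mac[:4], "big") % CODE_SPACE)
    return codes


def chi_square_last_digit(codes: list[int]) -> float:
    """Chi-square statistic for the frequencies of the last digit (9 d.o.f.).
    A uniform generator gives a value around 9; far larger values mean
    some digits are over- or under-represented."""
    counts = Counter(code % 10 for code in codes)
    expected = len(codes) / 10
    return sum((counts.get(d, 0) - expected) ** 2 / expected for d in range(10))


def parity_alternation(codes: list[int]) -> float:
    """Fraction of adjacent code pairs whose parity differs.  An ideal
    generator gives about 0.5 (standard deviation ~0.005 for 10,080
    samples); a value near 1.0 or 0.0 exposes a low-bit period of 2."""
    flips = sum((a ^ b) & 1 for a, b in zip(codes, codes[1:]))
    return flips / (len(codes) - 1)


def screen(codes: list[int]) -> dict:
    """Run both checks.  'weak' is True only when a test fails; a False
    verdict is a lower bound on strength, never a proof of it."""
    chi2 = chi_square_last_digit(codes)
    alt = parity_alternation(codes)
    return {
        "chi2_last_digit": round(chi2, 2),
        "parity_alternation": round(alt, 4),
        "weak": chi2 > CHI2_CRIT_9DF_P001 or abs(alt - 0.5) > 0.05,
    }


if __name__ == "__main__":
    samples = {
        "lcg mod 2^31":      lcg_pow2_codes(12345, MINUTES_PER_WEEK),
        "lcg mod 2^31-1":    lcg_prime_codes(20210, MINUTES_PER_WEEK),
        "hmac(counter)":     hmac_counter_codes(b"constructed-demo-key", MINUTES_PER_WEEK),
    }
    for name, codes in samples.items():
        print(f"{name:16s} {screen(codes)}")
```

The parity test is the interesting one: the last digit's chi-square looks healthy for the power-of-two LCG, because the alternating low bit only splits the digits into two equally frequent sets, so which test you run matters as much as how many samples you collect. The generator with the prime modulus sails through both checks; deciding that it is weak requires knowing its recurrence, not more samples, which is the "very hard to determine randomness" lesson in the quoted reply.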
