1995-07-31 - Re: your mail

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: asb@nexor.co.uk (Andy Brown)
Message Hash: 87336898ac95ac140366d3da2441f9ac04811ac496eb021883d387fd4758f623
Message ID: <9507311434.AA25514@all.net>
Reply To: <Pine.SOL.3.91.950731132625.27376C-100000@eagle.nexor.co.uk>
UTC Datetime: 1995-07-31 14:43:38 UTC
Raw Date: Mon, 31 Jul 95 07:43:38 PDT

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Mon, 31 Jul 95 07:43:38 PDT
To: asb@nexor.co.uk (Andy Brown)
Subject: Re: your mail
In-Reply-To: <Pine.SOL.3.91.950731132625.27376C-100000@eagle.nexor.co.uk>
Message-ID: <9507311434.AA25514@all.net>
MIME-Version: 1.0
Content-Type: text

> As I'm sure you know, PGP picks its primes by choosing a random starting 
> point and testing each odd number upwards until it gets a probable 
> prime.  The random number generator used to seed this search is mixed 
> using MD5 which gives a uniform 1/0 distribution.  I'd hazard a guess 
> that the chances of a start point having so many contiguous 1's as to be 
> close to 2^N is so vanishingly small that it's more likely a 
> non-prime would pass the probabilistic tests!

Well, not exactly random starting points.  Starting points generated by
user keystrokes with characteristics that may be analyzed so as to
reduce the key space to a searchable size, starting points that are
determined by a transformation of those keystroke sequences using an
algorithm, starting points that are determined by an algorithm that uses
a deterministic (albeit complex) algorithm which performs input and
output based on timeslices and interrupt mechanisms and queues that may
tend to alter the statistics of arrival times.

> I suppose if I were really paranoid I'd feed in fixed starting points
> for the search to MIT PGP and PGP 2.6.2 to make sure that they come out 
> with the same keys.

The term paranoid is inappropriate in this context.  Paranoia refers to
an irrational fear, while I am expressing a rational concern over a
system that has been taken over by a (partially) government funded
university and which has not been properly verified.  The history of
cryptography (as they say) is (quite literally) littered with the dead
bodies of people killed because somebody else thought a cryptosystem was
good enough when it was not. 

-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
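To make the search procedure and the two points in the exchange concrete (a fixed start must reproduce the same prime, and a start with enough leading 1s walks past 2^N), an added Python example that is not part of the original mail or of PGP: the MD5 seed derivation and the constructed seed bytes are simplifications assumed here for illustration, not PGP's actual mixing.

```python
import hashlib
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; the bases come from a generator seeded with n
    so the verdict for a given candidate is reproducible across runs."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(n)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witness to compositeness was found
    return True

def search_prime_upwards(start):
    """The search the quoted text describes: make the start odd, then test
    each odd number upward until one passes. Returns (prime, odd steps taken)."""
    n, steps = start | 1, 0
    while not is_probable_prime(n):
        n += 2
        steps += 1
    return n, steps

def start_from_seed(seed, bits=128):
    """Simplified stand-in (an assumption, not PGP's code) for deriving a
    fixed-width start from seed material: hash with MD5, force the top bit."""
    digest = int.from_bytes(hashlib.md5(seed).digest(), "big")
    return (digest & ((1 << bits) - 1)) | (1 << (bits - 1))

def reproducibility_check(seed, bits=128):
    """The check proposed in the mail: one fixed start must yield one prime,
    run after run. Also reports whether the walk ran past 2^bits."""
    start = start_from_seed(seed, bits)
    first, _ = search_prime_upwards(start)
    second, _ = search_prime_upwards(start)
    return {"start": start, "prime": first, "same": first == second,
            "overflowed": first >= (1 << bits)}
```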