1995-08-01 - Re: a hole in PGP? NOT!

Header Data

From: lmccarth@cs.umass.edu (L. McCarthy)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 66d45142b9c037d3378c4a629f55daf410815ee3b44e151f4a62670c54a1e45b
Message ID: <9508010900.AA21295@cs.umass.edu>
Reply To: <199508010658.CAA18603@charon.MIT.EDU>
UTC Datetime: 1995-08-01 09:01:03 UTC
Raw Date: Tue, 1 Aug 95 02:01:03 PDT

Raw message

From: lmccarth@cs.umass.edu (L. McCarthy)
Date: Tue, 1 Aug 95 02:01:03 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: a hole in PGP?  NOT!
In-Reply-To: <199508010658.CAA18603@charon.MIT.EDU>
Message-ID: <9508010900.AA21295@cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain

RFC 1750 says:
# "...Choosing random quantities to foil a resourceful and motivated
# adversary is surprisingly difficult.  ...recommends the use of truly
# random hardware techniques and shows that the existing hardware on many
# systems can be used for this purpose."

Dr. Frederick B. Cohen writes:
$ PGP does not use "truly random hardware techniques"

I wrote:
% Correct.

Derek Atkins writes:
> Oh?  It doesn't?  How can you say that?  In what way does it not do
> this?  The RFC states, in your quote, that "existing hardware on many
> systems can be used" for truly random hardware techniques.  Please,
> substantiate your claim that PGP does not do this.  Show me code
> segments which show it does not.  Show me an analysis that goes
> contrary to the RFC.

Warning: I'm about to quibble over semantics. I'm not being accused of being
an NSA lackey (yet), so I guess I have more time for pettiness ;)

In the context of RFC 1750, it appears to me that the phrase "truly random
hardware techniques" does not refer to the type of RNG method employed in
PGP. Section 5.3 discusses the use of built-in digitizers of analog natural
sources, and turbulence in disk drive chambers, as the "truly random"
"existing hardware" techniques. Keystroke timing only seems to fall under
6.2, Non-Hardware Sources of Randomness.

5.3 Existing Hardware Can Be Used For Randomness

   As described below, many computers come with hardware that can, with
   care, be used to generate truly random quantities.

5.3.1 Using Existing Sound/Video Input
5.3.2 Using Existing Disk Drives
6.2 Non-Hardware Sources of Randomness

   The best source of input for mixing would be a hardware randomness
   such as disk drive timing affected by air turbulence, audio input
   with thermal noise, or radioactive decay.  However, if that is not
   available there are other possibilities.  These include system
   clocks, system or input/output buffers, user/system/hardware/network
   serial numbers and/or addresses and timing, and user input.

-Futplex <futplex@pseudonym.com>
"We love our lovin' -- but not like we love our freedom" -Joni Mitchell