1995-08-01 - There’s a hole in your crypto, dear Eliza dear Eliza…

Header Data

From: Phil Fraering <pgf@tyrell.net>
To: hayden@krypton.mankato.msus.edu
Message Hash: bdaf2209b90bccfcd682e0b1cbdc3ad7f88c6bd141606f75e26992807afd31d6
Message ID: <199508010354.AA20144@tyrell.net>
Reply To: <Pine.ULT.3.91.950731222139.14616A-100000@krypton.mankato.msus.edu>
UTC Datetime: 1995-08-01 03:58:44 UTC
Raw Date: Mon, 31 Jul 95 20:58:44 PDT

Raw message

From: Phil Fraering        <pgf@tyrell.net>
Date: Mon, 31 Jul 95 20:58:44 PDT
To: hayden@krypton.mankato.msus.edu
Subject: There's a hole in your crypto, dear Eliza dear Eliza...
In-Reply-To: <Pine.ULT.3.91.950731222139.14616A-100000@krypton.mankato.msus.edu>
Message-ID: <199508010354.AA20144@tyrell.net>
MIME-Version: 1.0
Content-Type: text/plain


Why are the arguments on either side so emotional?

Because the alleged possible hole is located in the
random number generator portion of the code.

Random number generation (or more precisely, strong PRNG procedures)
are one of the "hot" buttons of this list in general: no matter how
strong the mechanism is, someone can postulate "a weakness in the
code" that produces "weak" PRN's or gigabuck NSA computers that can
reproduce arbitrary PRN streams. And no one can disprove anything.
Because nothing, really, can be "proved" to be random; it's that darn
halting problem again. All we have are "reasonable" expectations,
which aren't reasonable for a subset of the intended user group.

Okay... sometime this week I'll take a long look at the prng routines
in what PGP source code I have.

I'm doing this in order to keep an open mind, _not_ because I expect
to find anything.

Other than the labeled PRNG/RNG routines, what needs to be looked at?

Phil
