From: "Martin Diehl" <mdiehl@dttus.com>
Date: Tue, 17 Oct 95 10:25:56 PDT
To: cypherpunks@toad.com
Subject: Re: Using deterministic programs to select private RSA keys.
Message-ID: <9509178139.AA813958011@cc2.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     norm@netcom.com(Norman Hardy) writes:
     
     Much has been said recently here about how to produce truly random 
     primes.
     [snip]
     The protocol is to accept a sequence of key strokes for printable 
     ASCII characters.
     [snip]
     
     I suggest that if you capture the time in microseconds between 
     keystrokes and insert the least significant 8 bits between the 
     corresponding characters (i. e. <letter1> <time2 - time1> <letter2> 
     <time3 - time2> <letter3> ... <letter nnn> <time until double CR - 
     time nnn>) and MD5 the set of values, the resulting "random" value 
     will be different for both people who type different input texts as 
     well as those people who type the same input text.
     
     It is important to be sure that you are accessing a true microsecond 
     clock (or other high resolution clock).  For example, in the IBM PC 
     architecture, the clock tic (basic time interrupt) is one per 18.2 
     milliseconds or 55 interrupts per second.  If you were using the clock 
     tic rate and a highly trained typist with a regular typing rate, the 
     interspersed time values might show a consistent set of values.  On 
     the other hand, use of a microsecond clock eliminates this problem.
     
     As regards the observation that MD5 produces only a 128 bit result, 
     you could call MD5 after each nn values (at least 16) have been 
     entered.  In that way a few lines of input and associated timing 
     values could easily generate a value of the same order of magnitude as 
     the number  of 1K primes.
      
     Martin G. Diehl