From: norm@netcom.com (Norman Hardy)
To: Derek Atkins <klp@gold.tc.umn.edu>
Message Hash: fecb17e43922c78dde698da70a8d15b077565d95b3fb9c108e792aec22b65246
Message ID: <acd6488c0102100451b8@DialupEudora>
Reply To: N/A
UTC Datetime: 1995-11-20 15:51:31 UTC
Raw Date: Mon, 20 Nov 1995 23:51:31 +0800
From: norm@netcom.com (Norman Hardy)
Date: Mon, 20 Nov 1995 23:51:31 +0800
To: Derek Atkins <klp@gold.tc.umn.edu>
Subject: Re: Good Enough?
Message-ID: <acd6488c0102100451b8@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain
At 1:24 PM 11/14/95, Derek Atkins wrote:
>Hi.
>
>First, I must warn you that generating keys on behalf of users is in
>general a very bad thing to do. Instead, you might want to provide a
>simple way for users to generate keys and get them certified. The
>biggest problem is that there is not an easy way to get a good set of
>random numbers on a server platform. On the other hand, users can get
>a great deal of randomness on their own client machines. If they can
>run netscape, then they can run PGP.
....
I don't like to harp on this but you have stated the scenario so clearly,
that I ask:
If the user cannot trust you to generate keys for him, why should
he trust the code that you provide to him? That code can have
errors like the old Netscape code except planted on purpose so
that the private key is guessable in 2^40 tries.
There are two answers, I think.
The code is public and the user
hopes that any flaws will be publicized.
The second is to use keyed information (not timing but character
information) to provide the random seed. That is the idea behind
my post a few weeks ago:
"Using deterministic programs to select private RSA keys"
Some may find that method less hazardous then trusting the culture
of publishing flaws in code.
I can forward that posting to anyone interested.
Return to November 1995
Return to “norm@netcom.com (Norman Hardy)”
1995-11-20 (Mon, 20 Nov 1995 23:51:31 +0800) - Re: Good Enough? - norm@netcom.com (Norman Hardy)