From: timd@consensus.com (Tim Dierks)
To: jf_avon@citenet.net
Message Hash: 4c4f2cfcf13af56782519b434323ae87fadb1d2e1975ce9784fb81bfb848503e
Message ID: <v02140b02ad9f9d2812ba@[206.170.39.104]>
Reply To: N/A
UTC Datetime: 1996-04-21 11:57:36 UTC
Raw Date: Sun, 21 Apr 1996 19:57:36 +0800
From: timd@consensus.com (Tim Dierks)
Date: Sun, 21 Apr 1996 19:57:36 +0800
To: jf_avon@citenet.net
Subject: Re: PGP's +makerandom is broken (was: Re: Article on PGP flaws)
Message-ID: <v02140b02ad9f9d2812ba@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain
At 10:52 PM 4/20/96, Jeffrey I. Schiller wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On April 16, 1996 jf_avon@citenet.net said:
>> I fed the result of
>> pgp +makerandom=2000 rnd.pgp
>> into noisesphere.exe
>>
>> Every times, it gives a distribution that looks like a zebra from the
>> top view. Any comments?
>
>This is a bug in PGP. +makerandom doesn't work properly. I discovered
>this a few week ago myself when I needed some random numbers for
>another project. Due to a programming bug, the idea based random number
>generator doesn't get initialized (read: doesn't get seeded at all)
>when +makerandom is used. Note: +makerandom is an undocumented feature.
>
>IMPORTANT: Only +makerandom is effected. In normal use PGP properly
>generates random session keys as well as RSA public key pairs.
>
> -Jeff
As true as this may be, it doesn't explain the original posters problem;
unseeded IDEA should generate data that looks every bit as random as data
which was fully seeded (otherwise IDEA leaks information). This should
raise a question regarding the utility of any post-facto measurement of
entropy; the stream of bits generate by IDEA encrypting zero values in CBC
mode with a key of zero clearly has little, if any, entropy, but the data
generated should be indistinguishable from true random data by all
statistical and pattern-recognition tests. See the discussion on
coderpunks.
Basically, to get crypto-quality random numbers:
1) Use a secure generator; any secure block cipher or hash function will do.
2) Seed it well. This is entirely specific to your situation & platform,
and is unmeasurable for practical purposes.
- Tim
Tim Dierks timd@consensus.com
Consensus Development http://www.consensus.com
Return to April 1996
Return to “timd@consensus.com (Tim Dierks)”
1996-04-21 (Sun, 21 Apr 1996 19:57:36 +0800) - Re: PGP’s +makerandom is broken (was: Re: Article on PGP flaws) - timd@consensus.com (Tim Dierks)