RE: key material
From: Don Parker (dparker_at_rigelksecurity.com)
Date: 04/23/04
- Previous message: Clint Bodungen: "Re: unpacking UPX or PE-packed binaries"
- Maybe in reply to: Greg Kilford: "key material"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Apr 2004 16:01:24 -0400 (EDT) To: "Burton M. Strauss III" <BStrauss@acm.org>, <vuln-dev@securityfocus.com>
Hello, well as you mentioned yes the initial fill of the prng will dictate the length of
the lrs (linear recursive sequence) ie: an R6. So the initial fill of the R6 could be
like 010011. That being said you also get into maximal and non-maximal length lrs's as
well. You can also get into specific tap points as well on the prng. I would suggest you
head down to www.security-forums.com and post in the crypto forum. There is a guy there
called JustinT who is very much a crypto guru.
Cheers,
Don
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
On Apr 23, "Burton M. Strauss III" <BStrauss@acm.org> wrote:
Remember, while a PRNG may GENERATE more bits, the initial random pool caps
the total randomness.
Suppose you generate 5 numbers using any PRNG you like. If the seed is only
1 bit(0 or 1), there are only TWO patterns you will see. Period. If the
seed is two bits, there are 4 patterns, etc.
This surfaced recently in some of the lottery machines - small seed space
and the machines were frequently reset - meaning that the 'quick pick'
tickets covered only a small % of the number space.
-----Burton
> -----Original Message-----
> From: Greg Kilford [mailto:greg_kilford@hotmail.com]
> Sent: Thursday, April 22, 2004 12:29 PM
> To: vuln-dev@securityfocus.com
> Subject: key material
>
>
> Hi everyone,
>
> I was juz discussing with my pals the other day on the
> appropriate initial
> input bit size to seed a PRNG of the structure below for it to be used to
> generate the random bits for RSA key material of modulus 1024
> bits or 2048
> bits. Anyone know what would be the ideal length/size of A so
> that there is
> sufficient entropy to generate the key material for RSA 1024/2048
> bits keys?
>
> A: Initial input seed of x bit size and fed into the 3DES x9.17
> PRNG in 64
> bit blocks.
> B: A constant key of 128 bits (112 bits effective). Does not change with
> each loop of output block O.
> C: Initialization vector - 64 bits size with initial fixed value and fed
> back with each loop.
> O: Output of 64 bit block with each loop for RSA 1024/2048 key material.
>
> Initial total of x bits as seed
> (feeding in 64-bit block feed)
> A
> |
> \|/
> x9.17 PRNG V
> ----------------------
> | |
> | |<------ B (128bits with 112 bits effective)
> : Constant
> value for all loops
> | |
> | 3DES |
> | |
> | |<-------
> | | |
> ---------------------- |
> | | | C (64 bit IV) : Initial fixed IV.
> Changed/feedback with every loop.
> | | |
> | -----------|
> |
> \|/
> V
> O
> Output Random Stream
> (in 64 bit blocks)
>
> _________________________________________________________________
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
> <a href='http://join.msn.com/?page=features/virus'>http://join.msn.com/?
page=features/virus</a>
>
- Previous message: Clint Bodungen: "Re: unpacking UPX or PE-packed binaries"
- Maybe in reply to: Greg Kilford: "key material"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
