Re: Good Program That Creates OTPs?

From: Matthew Skala (mskala_at_ansuz.sooke.bc.ca)
Date: 12/14/03


Date: 14 Dec 2003 11:00:55 -0500

In article <Y3VydHdpbGw=.dccc7416dbfc8deac3b241d0df897ea9@1071334809.cotse.net>,
Hillary Clinton <no-one@nowhere.com> wrote:
>Janet managed to get her finger out of my twat long enough to tell me that
>/dev/random is a PRNG- whatever that is. She said that's what Bill depended

/dev/random and /dev/urandom are the output ports of an entropy-pool true
random number generator similar in design to Counterpane's Yarrow.
/dev/random is the one that blocks in order to only output as much
randomness as is available; its output should be considered truly random.
/dev/urandom is more like a PRNG.

>Do a google search and you'll find a mechanism to create your own random
>stream using a simple Geiger counter and a luminous dial from a watch or

I'd trust /dev/random, which has been examined by a lot of people, in
preference to something homemade. One could combine the two,
though, by building the Geiger-counter device and feeding its output into
the /dev/random entropy pool. The resulting construction would be at
least as secure as /dev/urandom (assuming the Geiger-counter
device's output is completely insecure) and also at least as secure as
the Geiger-counter device's output (assuming the other inputs to
/dev/random are insecure). That's almost certainly secure enough.

>I'm not certain why you only need to randomize the numbers between 0 and
>9999, or whatever.

It was not me who wanted to do that.

>Here's another idea for you. Download both a 10 meg file and a one meg file.
>Hash the 1 meg file after adding a large phrase as salt. Then use the output
>from SHA-512 as the encryption key to create the pad. You didn't start off
>with a secret file, but I bet it's pretty random and secret by now.

A file downloaded from the Net is not secret. The hash of such a
file is not secret. You can't take public numbers and turn them into
something "random and secret" by applying a public, deterministic
function. The procedure you describe is not secure, and you know
it. Plonk.

-- 
Matthew Skala
mskala@ansuz.sooke.bc.ca                    Embrace and defend.
http://ansuz.sooke.bc.ca/
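As an added illustration of the "feed the Geiger-counter device into the /dev/random entropy pool" suggestion above (example code written for this page, not code from the post or from the Linux kernel project): on Linux the way to mix an external source into the kernel pool AND have it credited as entropy is the RNDADDENTROPY ioctl on /dev/random, which takes a struct rand_pool_info holding the bytes and an entropy estimate in bits. A plain write() to /dev/random only mixes the bytes in without crediting any entropy, so it will not unblock /dev/random. The example assumes the sampler delivers raw bytes on a device node passed as argv[1], and it credits only one bit of entropy per four bits supplied (a deliberately conservative figure chosen here, since a homemade sampler's output is unlikely to be uniform); the ioctl itself requires root (CAP_SYS_ADMIN). The struct definition for non-Linux builds reproduces the Linux layout only so the packing code compiles elsewhere.

```c
/* Added example, not from the original post: inject bytes from an
 * external hardware source (e.g. a Geiger-counter sampler) into the Linux
 * /dev/random entropy pool via the RNDADDENTROPY ioctl, with a
 * conservative entropy credit.  Assumptions: the sampler is a device
 * node given as argv[1]; the credit fraction below is our own choice. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef __linux__
#include <sys/ioctl.h>
#include <linux/random.h>      /* struct rand_pool_info, RNDADDENTROPY */
#else
/* Same layout as the Linux structure, only so the packing code builds
 * on other systems; the ioctl itself exists only on Linux. */
struct rand_pool_info { int entropy_count; int buf_size; uint32_t buf[]; };
#endif

#define CHUNK 64            /* max bytes injected per ioctl call      */
#define CREDIT_DIVISOR 4    /* credit 1 bit of entropy per 4 bits fed  */

/* Pack len bytes (1..CHUNK) into a heap-allocated rand_pool_info.
 * entropy_count is in bits, buf_size in bytes.  Caller frees.
 * Returns NULL on bad input or allocation failure. */
struct rand_pool_info *build_pool_info(const uint8_t *data, size_t len)
{
    if (data == NULL || len == 0 || len > CHUNK)
        return NULL;
    struct rand_pool_info *rpi = malloc(sizeof(*rpi) + len);
    if (rpi == NULL)
        return NULL;
    rpi->entropy_count = (int)((len * 8) / CREDIT_DIVISOR);
    rpi->buf_size = (int)len;
    memcpy(rpi->buf, data, len);
    return rpi;
}

/* Mix one chunk into the kernel pool and credit it.  random_fd must be
 * an open descriptor on /dev/random.  Returns 0 on success, -1 with
 * errno set otherwise (EPERM without CAP_SYS_ADMIN, ENOSYS off Linux). */
int add_entropy(int random_fd, const uint8_t *data, size_t len)
{
    struct rand_pool_info *rpi = build_pool_info(data, len);
    if (rpi == NULL) {
        errno = EINVAL;
        return -1;
    }
#ifdef __linux__
    int rc = ioctl(random_fd, RNDADDENTROPY, rpi);
#else
    (void)random_fd;
    int rc = -1;
    errno = ENOSYS;
#endif
    free(rpi);
    return rc < 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <sampler-device>\n", argv[0]);
        return 2;
    }
    int src = open(argv[1], O_RDONLY);
    if (src < 0) { perror("open sampler"); return 1; }
    int rnd = open("/dev/random", O_WRONLY);
    if (rnd < 0) { perror("open /dev/random"); return 1; }

    uint8_t buf[CHUNK];
    for (;;) {
        ssize_t n = read(src, buf, sizeof buf);   /* raw sampler bytes */
        if (n <= 0)
            break;
        if (add_entropy(rnd, buf, (size_t)n) < 0) {
            perror("RNDADDENTROPY");
            return 1;
        }
    }
    close(src);
    close(rnd);
    return 0;
}
```

The security argument in the post carries over directly: the kernel hashes the injected bytes into the pool alongside its other inputs, so the result is no worse than the pool without the sampler, and the credit only matters for when /dev/random unblocks. If the sampler turns out to be biased, the danger is over-crediting, which is why the divisor above is deliberately pessimistic; measuring the sampler's actual bias before choosing a credit is the check a practitioner should do first.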

