Re: Doesn't security of SSL/TLS boil down to the 48-bit pre_master secret?

From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: 07/31/05


Date: Sun, 31 Jul 2005 04:41:51 GMT

On 30 Jul 2005 16:57:21 -0700, a.manansala@attbi.com wrote:

>Read the following article:
>
>http://www.lavarnd.org/what/impervious.html
>
>"A 2048 bit RSA public key whose primes were selected by a PRNG seeded
>with a 32 bit seed will not be any stronger than a simple 32 bit key."
>
>Of course, they are assuming that both p and q are selected using one
>seed.
>
>Lavarand is good but slow and the operation can be costly.
>
>The MRNG is fast, for example, it can roll out 50 Mbits in 687 CPU
>cycles. And no hardware maintenance problems.

A sound card can also be used to produce random numbers.
Most computers contain one already and code is available for
free. A 2048 bit key only requires 2044 bits of randomness
initially, plus some added randomness if the initial pair of
numbers is not prime. A sound card can easily produce
22KBits/sec of entropy. Most of the cycles used in
producing a random number are generally testing primality.
The speed of the RNG isn't that critical and a TRNG is preferred.
Producing RSA keys from a PRNG with a small seed is really
silly. NIST recommends a 160 bit seed for their PRNG of
choice. It makes more sense to start with each test number
made from a TRNG then XOR the appropriate bits with output
of a strong PRNG (seeded from a TRNG) until the number tests
prime.

Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail
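The prime-generation recipe in the post above (each candidate drawn from a TRNG, then retried by XOR-ing in output from a strong PRNG that was itself seeded from the TRNG) as an added worked example; this is not code from the post or from any project it mentions. It assumes `os.urandom` as a stand-in for the sound-card TRNG, a SHA-256 counter over a 160-bit TRNG seed as a stand-in for "a strong PRNG", and reads "the appropriate bits" as every bit except the forced top and low bit of the candidate. The entropy accounting shows where the 2044-bit figure for a 2048-bit modulus comes from.

```python
"""Mack's recipe, as an illustrative example (not the post's own code).
Assumptions: os.urandom stands in for the sound-card TRNG; HashCounterPRNG
stands in for "a strong PRNG (seeded from a TRNG)" and is NOT a NIST DRBG."""
import hashlib
import os


def _small_primes(limit=1000):
    """Sieve of Eratosthenes; used for cheap trial division before Miller-Rabin."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i in range(2, limit + 1) if sieve[i]]


SMALL_PRIMES = _small_primes()


def is_probable_prime(n, rounds=40):
    """Trial division by small primes, then `rounds` Miller-Rabin rounds with
    bases drawn from the TRNG stand-in. Composites slip through with
    probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, s = n - 1, 0                      # write n - 1 = d * 2**s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        r = int.from_bytes(os.urandom(n.bit_length() // 8 + 1), "big")
        a = 2 + r % (n - 3)              # base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # definite composite
    return True


class HashCounterPRNG:
    """Toy stand-in for a strong PRNG: SHA-256 over (seed || counter).
    The default seed is 160 bits from the TRNG, the size the post cites as
    NIST's recommendation."""

    def __init__(self, seed=None):
        self.seed = seed if seed is not None else os.urandom(20)
        self.counter = 0

    def bytes(self, n):
        out = b""
        while len(out) < n:
            block = self.seed + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self.counter += 1
        return out[:n]


def trng_bits_required(modulus_bits):
    """TRNG entropy in the initial pair of candidates: two primes of
    modulus_bits/2 bits, each with its top and low bit forced, so each
    candidate carries modulus_bits/2 - 2 bits of TRNG entropy."""
    return 2 * (modulus_bits // 2 - 2)   # 2044 for a 2048-bit modulus


def generate_prime(bits, prng, trng=os.urandom):
    """Candidate from the TRNG with the top bit forced (exactly `bits` bits)
    and the low bit forced (odd); on each failed primality test, XOR PRNG
    output into the remaining bits. Returns (prime, prng_bytes_consumed)."""
    nbytes = (bits + 7) // 8
    top = 1 << (bits - 1)
    middle_mask = (top - 1) & ~1         # all bits except the two forced ones
    candidate = (int.from_bytes(trng(nbytes), "big") & middle_mask) | top | 1
    used = 0
    while not is_probable_prime(candidate):
        delta = int.from_bytes(prng.bytes(nbytes), "big") & middle_mask
        candidate ^= delta               # forced bits are untouched by the mask
        used += nbytes
    return candidate, used


def generate_rsa_primes(modulus_bits, prng):
    """Two distinct primes of modulus_bits/2 bits, per the recipe above."""
    p, used_p = generate_prime(modulus_bits // 2, prng)
    q, used_q = generate_prime(modulus_bits // 2, prng)
    while q == p:
        q, extra = generate_prime(modulus_bits // 2, prng)
        used_q += extra
    return p, q, used_p + used_q


if __name__ == "__main__":
    gen = HashCounterPRNG()
    p, q, prng_bytes = generate_rsa_primes(512, gen)
    print(f"p and q have {p.bit_length()} bits each; n has {(p * q).bit_length()} bits")
    print(f"TRNG bits in the initial candidates: {trng_bits_required(512)}")
    print(f"PRNG bytes consumed by retries: {prng_bytes}")
```

The retry loop is where the post's point lives: the PRNG only decides which candidate gets tested next, while every candidate still carries the full TRNG contribution from the first draw, so a weak PRNG seed cannot collapse the key space the way it does when the PRNG supplies the primes outright. The `__main__` block uses a 512-bit modulus only to keep the demonstration quick.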


