Re: Doesn't security of SSL/TLS boil down to the 48-bit pre_master secret?
From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: Sun, 31 Jul 2005 04:41:51 GMT
On 30 Jul 2005 16:57:21 -0700, email@example.com wrote:
>Read the following article:
>"A 2048 bit RSA public key whose primes were selected by a PRNG seeded
>with a 32 bit seed will not be any stronger than a simple 32 bit key."
>Of course, they are assuming that both p and q are selected using one
>Lavarand is good but slow and the operation can be costly.
>The MRNG is fast, for example, it can roll out 50 Mbits in 687 CPU
>cycles. And no hardware maintenance problems.
A sound card can also be used to produce random numbers.
Most computers contain one already and code is available for
free. A 2048 bit key only requires 2044 bits of randomness
initially, plus some added randomness if the initial pair of
numbers is not prime. A sound card can easily produce
22KBits/sec of entropy. Most of the cycles used in
producing a random number are generally testing primality.
The speed of the RNG isn't that critical and a TRNG is preferred.
Producing RSA keys from a PRNG with a small seed is really
silly. NIST recommends a 160 bit seed for their PRNG of
choice. It makes more sense to start with each test number
made from a TRNG then XOR the appropriate bits with output
of a strong PRNG (seeded from a TRNG) until the number tests
Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail