[Discuss] KeePassX

Richard Pieri richard.pieri at gmail.com
Mon Oct 7 12:01:28 EDT 2013


Edward Ned Harvey (blu) wrote:
> But guess what.  That's why puttygen and truecrypt don't rely on the
> kernel prng for key generation.  They require you to generate your
> own entropy via mouse control.

Which is no guarantee of any sort at all. Fact is, even people with the 
mathematical chops to recognize weaknesses in high-level PRNGs aren't 
necessarily going to actually recognize them. Case in point: RSA's 
reversal on Dual EC DRBG which had been RSA's default algorithm for a 
long time.


> the reason we have said if you want n bits of security, every
> cryptographic value should be at least 2n bits long.  If you use 256

If the algorithm or PRNG that you use has an exploitable weakness then 
it doesn't matter how many bits your keys are. You could use 10000 bits 
worth of keys with stock RC4 and attacks against it will still be in 
near real time because of flaws in the stock algorithm. If you use a 
deterministic PRNG like Dual EC DRBG then it doesn't matter what 
encryption algorithm you use or how large your keys are because your 
data is not actually encrypted; it's obfuscated by a deterministic 
pattern of numbers.

The only real, technical benefit to doubling key size is to slow down 
brute force attacks or large prime factorizations.

-- 
Rich P.
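
The argument in the message above, that key length cannot make up for a predictable generator, shown as an added example that is not part of the original post. It uses a constructed toy generator with a 16-bit seed. The names `toy_prng_key`, `effective_bits`, `seed_search` and `SEED_BITS` are hypothetical, and the SHA-256 counter construction only stands in for a weak PRNG; it is not Dual EC DRBG or any generator named in the thread.

```python
import hashlib
import math
import secrets

SEED_BITS = 16  # constructed: the only unpredictable input to the toy generator


def toy_prng_key(seed: int, key_bits: int) -> bytes:
    """Expand a small seed into a key of any length (SHA-256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) * 8 < key_bits:
        block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[: key_bits // 8]


def effective_bits(key_bits: int, seed_bits: int = SEED_BITS) -> float:
    """log2 of the number of distinct keys the generator can ever emit."""
    keys = {toy_prng_key(s, key_bits) for s in range(2 ** seed_bits)}
    return math.log2(len(keys))


def seed_search(target: bytes, seed_bits: int = SEED_BITS):
    """Return the seed that reproduces target, or None if no seed does."""
    for s in range(2 ** seed_bits):
        if toy_prng_key(s, len(target) * 8) == target:
            return s
    return None


if __name__ == "__main__":
    # The nominal key size grows; the number of possible keys does not.
    for bits in (128, 256, 4096):
        print(f"{bits}-bit key: {effective_bits(bits):.1f} effective bits")
    weak = toy_prng_key(secrets.randbelow(2 ** SEED_BITS), 4096)
    print("4096-bit key from toy generator, seed found:", seed_search(weak))
    strong = secrets.token_bytes(32)  # 256 bits from the OS CSPRNG
    print("256-bit key from OS CSPRNG, seed found:", seed_search(strong))
```

Every key size reports 16.0 effective bits, because the generator can only ever emit 2^16 different keys; the key drawn from the OS CSPRNG is not among them.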


