Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Edward Ned Harvey (blu) wrote: > But guess what. That's why puttygen and truecrypt don't rely on the > kernel prng for key generation. They require you to generate your > own entropy via mouse control. Which is no guarantee of any sort at all. Fact is, even people with the mathematical chops to recognize weaknesses in high-level PRNGs aren't necessarily going to actually recognize them. Case in point: RSA's reversal on Dual EC DRBG which had been RSA's default algorithm for a long time. > the reason we have said if you want n bits of security, every > cryptographic value should be at least 2n bits long. If you use 256 If the algorithm or PRNG that you use has an exploitable weakness then it doesn't matter how many bits your keys are. You could use 10000 bits worth of keys with stock RC4 and attacks against it will still be in near real time because of flaws in the stock algorithm. If you use a deterministic PRNG like Dual EC DRBG then it doesn't matter what encryption algorithm you use or how large your keys are because your data is not actually encrypted; it's obfuscated by a deterministic pattern of numbers. The only real, technical benefit to doubling key size is to slow down brute force attacks or large prime factorizations. -- Rich P.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |