David R. Conrad (drc@adni.net)
Sat, 6 Feb 1999 02:01:24 -0500 (EST)
On Mon, 1 Feb 1999, bram wrote:
> I wrote:
> > For an online protocol, Alice and Bob both generate a random N-bit session
> > key. They then exchange them (hey, they must have already had some method
> > in mind to transfer the one). The N-bit session key they use is the XOR
> > of the two keys they chose.
> >
> > As long as at least one of them had some decent entropy, they're fine.
>
> Hmm, yes, you're right. Of course, that does influence the protocol a bit,
> but it reduces the problem to (at worst) one of occasional third-party
> auditing.
Forgive me if I'm being dense, but I can't quite see what the third party
would occasionally be auditing, or why.
> It's also a good idea to send over some random bits to any counterparty
> you establish a secure connection with, just for good measure.
I always get a bit nervous whenever anyone talks about sending random bits
around, but I suppose as long as the receiver yarrows them, it won't hurt.
Still, I'm not entirely clear on how it will help. You must already have
a secure channel to send the bits over, because if Eve sees them on the
wire then they're useless. On the other hand, if you *do* already have a
secure channel, what purpose do the random bits serve?
> I think it's a good idea for any CSPRNG to be able to say that it doesn't
> have enough entropy at the moment. For example, /dev/random could be made
> to encounter an I/O problem if the RNG has been unavailable for too long.
Doesn't it already block if it doesn't think it has enough entropy in its
pool? I thought the distinction between /dev/random and /dev/urandom was
just that.
> Someone mentioned that he would only really trust a peripheral as a good
> RNG. I invite anyone with the technical know-how to market such things. If
> they were offered for $10 or less I would unhesitatingly buy one for all
> my personal machines.
I've been listening, both here and formerly on cypherpunks, for quite some
time (without saying much, since unlike our friend Mr. Shen I prefer to do
my learning without revealing too often how much I need it), and I've seen
that proposal quite a few times. Hasn't gone anywhere yet.
> (Who would like a good CSPRNG around just because making a kill file pipe
> particularly distasteful material to /dev/random is much more poetic than
> piping it to /dev/null)
Mirabile dictu! What a fantastic idea! Perhaps all this "your web site"
spam from UUNET subscribers can serve a purpose after all.
David R. Conrad <drc@adni.net> PGP keys (0x1993E1AE and 0xA0B83D31):
DSS Fingerprint20 = 9942 E27C 3966 9FB8 5058 73A4 83CE 62EF 1993 E1AE
RSA Fingerprint16 = 1D F2 F3 90 DA CA 35 5D 91 E4 09 45 95 C8 20 F1
This message brought to you by the letter '6' and the number 0xDEADBEEF.
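An added illustration of the XOR-combination argument quoted in the message above (example code, not from the original thread or its authors): for a toy 8-bit key it tabulates the exact distribution of `alice_key ^ bob_key` and measures its min-entropy, using a constructed "broken" generator that can only ever emit four values. It assumes both keys are chosen independently, before either is revealed, and that the exchange itself happens over a channel Eve cannot read.

```python
from fractions import Fraction
from math import log2

KEY_BITS = 8               # toy key size so the distribution can be tabulated exactly
KEY_SPACE = 1 << KEY_BITS


def uniform_dist():
    """A healthy N-bit RNG: every key is equally likely."""
    p = Fraction(1, KEY_SPACE)
    return {k: p for k in range(KEY_SPACE)}


def weak_dist(outputs):
    """Constructed broken RNG: it can only ever emit the listed keys (few bits of entropy)."""
    p = Fraction(1, len(outputs))
    return {k: p for k in outputs}


def xor_dist(dist_a, dist_b):
    """Exact distribution of a ^ b when a and b are drawn independently."""
    out = {}
    for a, pa in dist_a.items():
        for b, pb in dist_b.items():
            out[a ^ b] = out.get(a ^ b, 0) + pa * pb
    return out


def min_entropy_bits(dist):
    """Min-entropy: -log2 of the most likely key, i.e. the attacker's best single guess."""
    return -log2(float(max(dist.values())))


def session_key_entropy(alice, bob):
    """Min-entropy of the XOR-combined session key for the two parties' RNG distributions."""
    return min_entropy_bits(xor_dist(alice, bob))


if __name__ == "__main__":
    good = uniform_dist()
    broken_alice = weak_dist([0x00, 0x11, 0x22, 0x33])   # 2 bits of entropy
    broken_bob = weak_dist([0x00, 0x55, 0xAA, 0xFF])     # 2 bits of entropy
    # One healthy party is enough: the combined key is fully uniform (8 bits).
    print("broken Alice, good Bob:", session_key_entropy(broken_alice, good))
    print("good Alice, broken Bob:", session_key_entropy(good, broken_bob))
    # Two weak parties only add up their entropy; the combined key stays guessable.
    print("both broken:          ", session_key_entropy(broken_alice, broken_bob))
    # If Eve learns one party's key on the wire, the session key is only as strong as the other.
    print("Bob's key leaked:     ", min_entropy_bits(broken_alice))
```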
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:26