Ted Anderson (ota+@transarc.com)
Wed, 10 Feb 1999 18:20:08 -0500 (EST)
On Wed, 10 Feb 1999 12:02:49 -0500 (EST) "David R. Conrad" <drc@adni.net> wrote:
> > Ah, but there's a chance you can. There's an attack on hamsters where you
> > can get them to repeat the same output over and over again by sending them
> > messages with a specific pattern. RSAREF is similar to the above except it
> > uses addition instead of polynomials, and a number of people have figured
> > out a rather practical attack on it. There's probably a similar attack on
> > using a polynomial mixing function.
>
> References?
>
> > There's another whole piece which is missing as well. You never ever want
> > to add entropy of only a bit or so directly to the pool, because that
> > would allow for continuation attacks.
>
> Here I get to reveal my ignorance; what's a continuation attack? I can't
> find this term in AC2 or the Yarrow docs.
Both of these are discussed in "Cryptanalytic Attacks on Pseudorandom
Number Generators" by Kelsey et al. [1], which I gather is the research
paper behind the implementation of Yarrow. I couldn't find the term
continuation attack in a quick scan of the paper, but I think it refers
to what is called a "State Compromise Extension Attack".
Ted Anderson
[1] http://www.counterpane.com/pseudorandom_number.html
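The point quoted above (feeding entropy into the pool a bit or so at a time lets an attacker who once learned the state keep it, whereas batching the bits into one reseed forces a 2^k search) as an added simulation that is not part of this message or of Yarrow; the PRNG below is a toy constructed for the example, and the bit string is constructed sample input:

```python
import hashlib
from itertools import product

# Toy PRNG (constructed for illustration, not Yarrow or RSAREF):
# 16-byte state, reseed = SHA-256(state || entropy)[:16],
# output = first 8 bytes of SHA-256("out" || state).
def mix(state: bytes, entropy: bytes) -> bytes:
    return hashlib.sha256(state + entropy).digest()[:16]

def output(state: bytes) -> bytes:
    return hashlib.sha256(b"out" + state).digest()[:8]

def run_incremental(state: bytes, bits):
    """Generator mixes each entropy bit in directly and emits an output after each."""
    outs = []
    for b in bits:
        state = mix(state, bytes([b]))
        outs.append(output(state))
    return state, outs

def run_batched(state: bytes, bits):
    """Generator pools all k bits and mixes them in with a single reseed."""
    state = mix(state, bytes(bits))
    return state, output(state)

def extend_incremental(known_state: bytes, outs):
    """State compromise extension against the incremental design: the attacker who
    knew the state before the first bit needs at most two guesses per output."""
    guesses, state = 0, known_state
    for o in outs:
        for b in (0, 1):
            guesses += 1
            cand = mix(state, bytes([b]))
            if output(cand) == o:
                state = cand
                break
        else:
            return None, guesses          # no candidate matched; tracking lost
    return state, guesses

def extend_batched(known_state: bytes, out: bytes, k: int):
    """Same attacker against the batched design: must search all 2^k pool contents."""
    guesses = 0
    for bits in product((0, 1), repeat=k):
        guesses += 1
        cand = mix(known_state, bytes(bits))
        if output(cand) == out:
            return cand, guesses
    return None, guesses

STATE0 = bytes(16)                                   # compromised starting state
BITS = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0]          # constructed 12-bit entropy sample
```

With these inputs the incremental attacker regains the exact state after 19 guesses, while the batched design costs 2863 guesses here and up to 4096 in the worst case, and the gap grows as 2^k with the pool size.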
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:27