[Courses] [security] Random number generators (was: Crypto Scientists Crack Prime Problem)

Val Henson val at nmt.edu
Thu Aug 15 12:16:40 EST 2002


On Thu, Aug 15, 2002 at 02:08:58PM -0400, Raven Alder wrote:
> Quoth Megan Golding (Wed, Aug 14, 2002 at 04:00:46AM -0700):
> > Take keyboard input. Ask the user to type "random" stuff and use that
> > to seed the key generation.
> 
> 	These are generally not very random, though, since people will
> actually type in semi-predictable patterns when asked to type randomly.
> Ditto for mouse movement.  "Random" typing usually results in people
> mashing the middle of the keyboard a lot, and in quick succession.  So
> you get something like 
> 
> hdsfkjahsioduytseadnvmdv alshdlfhsidruidnfsdk fsdifjsoiad fjsiodfja
> 
> as input most of the time.  Note the absence of capitalized characters,
> numbers, punctuation marks, anything like that.  The fingers don't move
> more than they have to.
> 
> 	I've not seen any attacks based on this in particular, but I am
> reasonably convinced that it could be done.

Actually, the programs I've used that requested random input this way
use the interval of time between keystrokes for random input, rather
than the actual characters typed.  Generate a new ssh key using
openssh if you're interested in seeing this in practice.

-VAL



More information about the Courses mailing list