[Courses] [security] Random number generators (was: Crypto Scientists Crack Prime Problem)
Megan Golding
meggolding at yahoo.com
Thu Aug 15 16:57:35 EST 2002
Raven mentioned that "random number generation" based on user input
at the keyboard or mouse position isn't really random.
--- Val Henson <val at nmt.edu> wrote:
> Actually, the programs I've used that requested random input this
> way use the interval of time between keystrokes for random input,
> rather than the actual characters typed. Generate a new ssh key
> using openssh if you're interested in seeing this in practice.
I've heard others voice concerns about random number generation like
Raven's -- most notably by Bruce Schneier in _Secrets & Lies_. Raven,
you mention that you've not seen attacks that exploit this
predictability of the keyboard input and mouse position. I wonder if
the concern over the predictability of keyboard input is overstated
and the keys generated by such mechanisms are "strong enough".
What I'd like to know is how the generation, like Val describes, uses
some sort of timing between keystrokes...and, for that matter, what
these tools do with the keyboard input.
>From the link maven....
Here's an interesting list of pages about randomness:
http://www.cs.berkeley.edu/~daw/rnd/
I thought this was a good discussion:
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/random-numbers.html
Meg
=====
Meg Golding | http://www.kalamitykat.com
__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
More information about the Courses
mailing list