randomness // how important is it 'really', if it's not *absolutely* random ?

vedaal at hush.com vedaal at hush.com
Wed Jan 28 21:10:54 CET 2009

if the randomness collected for generation of a gnupg session key 
isn't *absolutely* random, then it may introduce a bias whereby the 
session key space can theoretically be attacked by a 
'better-than-brute-force' method, by selectively concentrating on 
the possibilities the bias is in favor of


how much of a threat is this really,
given the nature of how gnupg collects random data on the various 
computer platforms?

is there any practical way of exploiting this 'less-than-absolute' 
randomness, so that the attack is even approaching the threat level
of anything a crypto user needs to be concerned with?

to put it in quantitative terms,

can the 'pseudo-randomness' affect a 256 bit session key,
so that it would effectively be easier to attack than a 'truly-
random' 128 bit key?

if not,
then it shouldn't be a practical concern

is there any test of a computer system that can be done to know 
when the level of 'pseudo-randomness' has decreased to where it 
should be of practical concern ?



any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link
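
An added worked example, not part of the original post and not GnuPG code, that puts the 256-bit versus 128-bit question in numbers. It assumes a deliberately simple model in which every key bit is independent and equals 1 with the same probability; that model and the bias values are constructed for illustration and do not describe how GnuPG gathers entropy.

```python
import math

def min_entropy_bits(n_bits: int, p_one: float) -> float:
    """Min-entropy of a key of n_bits independent bits, each 1 with probability p_one.

    The single most likely key has probability p_max**n_bits, so the best
    first guess at the key succeeds with probability 2**(-min_entropy).
    """
    p_max = max(p_one, 1.0 - p_one)
    return -n_bits * math.log2(p_max)

def bias_threshold(n_bits: int, target_bits: int) -> float:
    """Per-bit p_max at which an n_bits key retains only target_bits of min-entropy."""
    return 2.0 ** (-target_bits / n_bits)

def estimate_p_one(sample: bytes) -> float:
    """Fraction of 1 bits in a sample of generator output (a simple frequency check)."""
    ones = sum(bin(b).count("1") for b in sample)
    return ones / (8 * len(sample))

def report(n_bits: int = 256, target_bits: int = 128):
    """Return (p_one, min_entropy, below_target) for a range of constructed biases."""
    rows = []
    for p in (0.50, 0.51, 0.55, 0.60, 0.70, 0.75):  # constructed bias values
        h = min_entropy_bits(n_bits, p)
        rows.append((p, h, h < target_bits))
    return rows

if __name__ == "__main__":
    print("per-bit p_max where 256 bits drop to 128: %.4f" % bias_threshold(256, 128))
    for p, h, below in report():
        print("P(bit=1)=%.2f  min-entropy=%6.1f bits  below 128: %s" % (p, h, below))
```

Under this model the 256-bit key only falls to 128 bits of min-entropy when each bit is skewed to roughly 71/29. A frequency estimate such as `estimate_p_one` detects only this one kind of bias; output that passes it can still be predictable in other ways.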
