randomness // how important is it 'really', if it's not *absolutely* random ?

vedaal at hush.com
Wed Jan 28 21:10:54 CET 2009


if the randomness collected for generation of a gnupg session key 
isn't *absolutely* random, then it may introduce a bias whereby the 
session key space can theoretically be attacked by a 
'better-than-brute-force' method, by selectively concentrating on 
the possibilities the bias is in favor of

ok

how much of a threat is this really,
given the nature of how gnupg collects random data on the various 
computer platforms?

is there any practical way of exploiting this 'less-than-absolute' 
randomness, so that the attack is even approaching the threat level
of anything a crypto user needs to be concerned with?


to put it in quantitative terms,

can the 'pseudo-randomness' affect a 256 bit session key,
so that it would effectively be easier to attack than a 'truly-
random' 128 bit key?

if not,
then it shouldn't be a practical concern


is there any test of a computer system that can be done to know 
when the level of 'pseudo-randomness' has decreased to where it 
should be of practical concern ?

tia,

vedaal
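
The quantitative question above can be worked through under a simplified model. This is an added example, not part of the original message and not GnuPG code. It assumes every key bit is independent and takes the value 1 with the same probability, which is an illustrative assumption, not a description of how GnuPG's generator behaves; all function names are hypothetical.

```python
import math
import os

def min_entropy_bits(n_bits, p_one):
    """Min-entropy of an n-bit key with independent bits, P(bit=1) = p_one.
    This sets the success chance of the attacker's single best guess."""
    return -n_bits * math.log2(max(p_one, 1.0 - p_one))

def shannon_entropy_bits(n_bits, p_one):
    """Shannon entropy of the same key (always >= min-entropy)."""
    if p_one in (0.0, 1.0):
        return 0.0
    q = 1.0 - p_one
    return -n_bits * (p_one * math.log2(p_one) + q * math.log2(q))

def bias_for_target(n_bits, target_bits):
    """P(more likely bit value) at which min-entropy falls to target_bits.
    Solves n_bits * -log2(p) = target_bits for p."""
    return 2.0 ** (-target_bits / n_bits)

def monobit_estimate(sample):
    """Fraction of 1 bits in sample and z-score against a fair source."""
    n = len(sample) * 8
    ones = sum(bin(byte).count("1") for byte in sample)
    z = (ones - n / 2) / math.sqrt(n / 4)
    return ones / n, z

if __name__ == "__main__":
    for p in (0.50, 0.51, 0.55, 0.60, 0.70, 0.75):
        print(f"P(1)={p:.2f}  min-entropy={min_entropy_bits(256, p):6.1f}  "
              f"shannon={shannon_entropy_bits(256, p):6.1f}")
    print(f"256-bit key drops to 128 bits at P={bias_for_target(256, 128):.4f}")
    p_hat, z = monobit_estimate(os.urandom(1 << 16))  # local OS generator
    print(f"os.urandom sample: P(1)={p_hat:.4f}, z={z:+.2f}")
```

Under this model a 256-bit key only falls to 128 bits of min-entropy when about 71% of its bits take the same value, a skew that a plain frequency count detects immediately. Passing such a count does not show a generator is unpredictable, since a deterministic generator with a guessable seed passes it too.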
