randomness // how important is it 'really', if it's not *absolutely* random ?

Chris De Young chd at chud.net
Wed Jan 28 22:02:07 CET 2009

vedaal at hush.com wrote:
> how much of a threat is this really,
> given the nature of how gnupg collects random data on the various 
> computer platforms?

I don't have the math or crypto background to answer you definitively, but I
feel confident that *today* the difference between the randomness of a good
/dev/random and theoretically perfect randomness is probably not of significant
practical concern.

> can the 'pseudo-randomness' affect a 256 bit session key,
> so that it would effectively be easier to attack than a 'truly-
> random' 128 bit key?

If a practical attack were known that reduced a 256-bit key to the effective
strength of a 128-bit key, that would be huge news.  So, I really doubt it.

But that's today. As they say, attacks never get worse, they only get better;
that huge news might only be one major breakthrough away. (We don't for sure of
course, but that's what makes it a breakthrough. :) )


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090128/0a06722e/attachment.pgp>

More information about the Gnupg-users mailing list