randomness // how important is it 'really', if it's not *absolutely* random ?
Chris De Young
chd at chud.net
Wed Jan 28 22:02:07 CET 2009
vedaal at hush.com wrote:
> how much of a threat is this really,
> given the nature of how gnupg collects random data on the various
> computer platforms?
I don't have the math or crypto background to answer you definitively, but I
feel confident that *today* the difference between the randomness of a good
/dev/random and theoretically perfect randomness is probably not of significant
> can the 'pseudo-randomness' affect a 256 bit session key,
> so that it would effectively be easier to attack than a 'truly-
> random' 128 bit key?
If a practical attack were known that reduced a 256-bit key to the effective
strength of a 128-bit key, that would be huge news. So, I really doubt it.
But that's today. As they say, attacks never get worse, they only get better;
that huge news might only be one major breakthrough away. (We don't for sure of
course, but that's what makes it a breakthrough. :) )
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 250 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users