Vulnerability Development mailing list archives

RE: key material

From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Fri, 23 Apr 2004 06:48:46 -0500

Remember, while a PRNG may GENERATE more bits, the initial random pool caps
the total randomness.

Suppose you generate 5 numbers using any PRNG you like.  If the seed is only
1 bit(0 or 1), there are only TWO patterns you will see.  Period.  If the
seed is two bits, there are 4 patterns, etc.

This surfaced recently in some of the lottery machines - small seed space
and the machines were frequently reset - meaning that the 'quick pick'
tickets covered only a small % of the number space.

-----Burton

-----Original Message-----
From: Greg Kilford [mailto:greg_kilford () hotmail com]
Sent: Thursday, April 22, 2004 12:29 PM
To: vuln-dev () securityfocus com
Subject: key material

Hi everyone,

I was juz discussing with my pals the other day on the
appropriate initial
input bit size to seed a PRNG of the structure below for it to be used to
generate the random bits for RSA key material of modulus 1024
bits or 2048
bits.  Anyone know what would be the ideal length/size of A so
that there is
sufficient entropy to generate the key material for RSA 1024/2048
bits keys?

A: Initial input seed of x bit size and fed into the 3DES x9.17
PRNG in 64
bit blocks.
B: A constant key of 128 bits (112 bits effective).  Does not change with
each loop of output block O.
C: Initialization vector - 64 bits size with initial fixed value and fed
back with each loop.
O: Output of 64 bit block with each loop for RSA 1024/2048 key material.

Initial total of x bits as seed
(feeding in 64-bit block feed)
            A
            |
           \|/
x9.17 PRNG   V
----------------------
|                    |
|                    |<------ B (128bits with 112 bits effective)
: Constant
value for all loops
|                    |
|       3DES         |
|                    |
|                    |<-------
|                    |       |
----------------------       |
        |          |          | C (64 bit IV) : Initial fixed IV.
Changed/feedback with every loop.
        |          |          |
        |          -----------|
        |
       \|/
        V
        O
Output Random Stream
(in 64 bit blocks)

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus

Current thread:

key material Greg Kilford (Apr 22)
- RE: key material Burton M. Strauss III (Apr 23)
- <Possible follow-ups>
- RE: key material Greg Kilford (Apr 23)
  - RE: key material Burton M. Strauss III (Apr 23)
  - RE: key material David Schwartz (Apr 26)
- RE: key material Don Parker (Apr 26)