Vulnerability Development mailing list archives

RE: key material

From: "Greg Kilford" <greg_kilford () hotmail com>
Date: Fri, 23 Apr 2004 08:25:03 -0600

So u are suggesting 1024/2048 bits size/length for A to seed the PRNG andthen after that the output stream O could be drawn to provide the bits forRSA 1024/2048 bits modulo key materials generation?

A few of us are inclined towards this, but a few of my pals seem to thinkweirdly. They feel that 64/128 or even 192 bits would have sufficed. Theirargument is that the symmetric and asymmetric crypto "strength" would meansthat such length/size of A would match up. A few years back, Schneiercommented in a paper on the comparison of crypto "strength" betweensymmetric and asymmetric key sizes (something like 80bits symm key isequivalent to 1024bits asymm RSA key). But I really disagree that thecrypto strength has anythin to do with RNG. What does everyone think?

From: "Burton M. Strauss III" <BStrauss () acm org>
To: <vuln-dev () securityfocus com>
CC: "Greg Kilford" <greg_kilford () hotmail com>
Subject: RE: key material
Date: Fri, 23 Apr 2004 06:48:46 -0500

Remember, while a PRNG may GENERATE more bits, the initial random pool caps
the total randomness.

Suppose you generate 5 numbers using any PRNG you like. If the seed isonly

1 bit(0 or 1), there are only TWO patterns you will see.  Period.  If the
seed is two bits, there are 4 patterns, etc.

This surfaced recently in some of the lottery machines - small seed space
and the machines were frequently reset - meaning that the 'quick pick'
tickets covered only a small % of the number space.

-----Burton

> -----Original Message-----
> From: Greg Kilford [mailto:greg_kilford () hotmail com]
> Sent: Thursday, April 22, 2004 12:29 PM
> To: vuln-dev () securityfocus com
> Subject: key material
>
>
> Hi everyone,
>
> I was juz discussing with my pals the other day on the
> appropriate initial

> input bit size to seed a PRNG of the structure below for it to be usedto

> generate the random bits for RSA key material of modulus 1024
> bits or 2048
> bits.  Anyone know what would be the ideal length/size of A so
> that there is
> sufficient entropy to generate the key material for RSA 1024/2048
> bits keys?
>
> A: Initial input seed of x bit size and fed into the 3DES x9.17
> PRNG in 64
> bit blocks.

> B: A constant key of 128 bits (112 bits effective). Does not changewith

> each loop of output block O.
> C: Initialization vector - 64 bits size with initial fixed value and fed
> back with each loop.
> O: Output of 64 bit block with each loop for RSA 1024/2048 key material.
>
> Initial total of x bits as seed
> (feeding in 64-bit block feed)
>             A
>             |
>            \|/
> x9.17 PRNG   V
> ----------------------
> |                    |
> |                    |<------ B (128bits with 112 bits effective)
> : Constant
> value for all loops
> |                    |
> |       3DES         |
> |                    |
> |                    |<-------
> |                    |       |
> ----------------------       |
>         |          |          | C (64 bit IV) : Initial fixed IV.
> Changed/feedback with every loop.
>         |          |          |
>         |          -----------|
>         |
>        \|/
>         V
>         O
> Output Random Stream
> (in 64 bit blocks)
>
> _________________________________________________________________
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
> http://join.msn.com/?page=features/virus
>


_________________________________________________________________

The new MSN 8: advanced junk mail protection and 2 months FREE*http://join.msn.com/?page=features/junkmail

Current thread:

key material Greg Kilford (Apr 22)
- RE: key material Burton M. Strauss III (Apr 23)
- <Possible follow-ups>
- RE: key material Greg Kilford (Apr 23)
  - RE: key material Burton M. Strauss III (Apr 23)
  - RE: key material David Schwartz (Apr 26)
- RE: key material Don Parker (Apr 26)