Vulnerability Development mailing list archives
RE: key material
From: "David Schwartz" <davids () webmaster com>
Date: Sat, 24 Apr 2004 12:43:25 -0700
So u are suggesting 1024/2048 bits size/length for A to seed the PRNG and then after that the output stream O could be drawn to provide the bits for RSA 1024/2048 bits modulo key materials generation?
That is incorrect.
A few of us are inclined towards this, but a few of my pals seem to think weirdly. They feel that 64/128 or even 192 bits would have sufficed. Their argument is that the symmetric and asymmetric crypto "strength" would means that such length/size of A would match up. A few years back, Schneier commented in a paper on the comparison of crypto "strength" between symmetric and asymmetric key sizes (something like 80bits symm key is equivalent to 1024bits asymm RSA key). But I really disagree that the crypto strength has anythin to do with RNG. What does everyone think?
Here's the quick proof that fewer than 1,024 bits are needed to seed a PRNG that's going to produce a 1,024 bit RSA key: If you needed 1,024 bits to seed the PRNG, that would mean there would have to be 2^1,024 possible 1,024 bit RSA keys, or, to put it another way, all possible bit combinations of a given length would have to be legal RSA keys. They are not. The PRNG simply has to be strong enough to not be the weakest link. DS
Current thread:
- key material Greg Kilford (Apr 22)
- RE: key material Burton M. Strauss III (Apr 23)
- <Possible follow-ups>
- RE: key material Greg Kilford (Apr 23)
- RE: key material Burton M. Strauss III (Apr 23)
- RE: key material David Schwartz (Apr 26)
- RE: key material Don Parker (Apr 26)