RE: key material

["David Schwartz" <davids () webmaster com>]

> So u are suggesting 1024/2048 bits size/length for A to seed the PRNG and
> then after that the output stream O could be drawn to provide the
> bits for
> RSA 1024/2048 bits modulo key materials generation?

        That is incorrect.

> A few of us are inclined towards this, but a few of my pals seem to think
> weirdly.  They feel that 64/128 or even 192 bits would have
> sufficed.  Their
> argument is that the symmetric and asymmetric crypto "strength"
> would means
> that such length/size of A would match up.  A few years back, Schneier
> commented in a paper on the comparison of crypto "strength" between
> symmetric and asymmetric key sizes (something like 80bits symm key is
> equivalent to 1024bits asymm RSA key).  But I really disagree that the
> crypto strength has anythin to do with RNG.  What does everyone think?

        Here's the quick proof that fewer than 1,024 bits are needed to seed a PRNG
that's going to produce a 1,024 bit RSA key: If you needed 1,024 bits to
seed the PRNG, that would mean there would have to be 2^1,024 possible 1,024
bit RSA keys, or, to put it another way, all possible bit combinations of a
given length would have to be legal RSA keys. They are not.

        The PRNG simply has to be strong enough to not be the weakest link.

        DS