Re: TRUE RANDOMNESS captured...

Dutra de Lacerda (dulac@ip.pt)
Sat, 22 Aug 1998 23:30:06 +0100

• Next message: Dutra de Lacerda: "Re: TRUE RANDOMNESS captured..."
• Previous message: Adam Shostack: "Re: Encryption is like a locked suitcase"
• In reply to: Ted Lemon: "Re: Encryption is like a locked suitcase"

At Saturday, you wrote:

>Even if you modify your code to generate a 32 bit word for each
>KeyPressed, it is still essential to estimate how much entropy the
>KeyPressed event contains (certainly not 32 bits).

Actually the Tick Counter have more that 8 bits, but knowing that
the entropy associated with the frequency of code transformations
in the idle time, they may be superior to 64 bits for the total
work involved.

Notice that the heart of the routine is the idle transformations
interrupted by a keypress. Thus the importance of the frequency
of the transforms while idle. What is such a frequency in a 686
at 200MHz?

There is another consideration: The synergetic aspect of the
TEA-like transformation affecting all bits. I suppose that cannot
be measured but is present.

>Suppose each KeyPressed event actually generates 1 bit of entropy,
>and you need 64 bits of random data for a key. Once you've collected
>the data from 64 KeyPressed calls, you should hash this data
>(64 of your 32 bit words) with a cryptographically secure hash.
>This will yield more secure data than using the data from your
>routine directly.

As stated previously: The Key used is almost unimportant compared
with the number of iterations, affecting all bits, in the idle time.
You actually get a number of bits proportional with the frequency
of the idle time transform.
And every Key adds the key pressed (some 4 bits because they
are randomly choosed by the user) and continues adding the next
iterations up to the end of the routine with an <Enter> Key.

>It would be very, very foolish to use the output of your code to
>directly fill a key structure (e.g. two calls at 32bits each yields
>your 64 bit key).

If using the Keys only, yes. But that is a incorrect view of the
algorithm. It is an Hibrid algorithm. Thus a different analysis
is needed...

Hope to have explained a little better the inner of such simple
piece of code.

(Engineering is getting the best results with the smallest expenses)

Regards,
Dutra de Lacerda.

 - - -
Antonio Manuel Melo de Carvalho Dutra de Lacerda
Morada : Rua Rodrigues Cabrilho, 5 - 5 Esq.
                  1400 Lisboa, PORTUGAL
Telefone : +351-(1)-3013579
FAX & BBS : +351-(1)-3021098

• Next message: Dutra de Lacerda: "Re: TRUE RANDOMNESS captured..."
• Previous message: Adam Shostack: "Re: Encryption is like a locked suitcase"
• In reply to: Ted Lemon: "Re: Encryption is like a locked suitcase"