Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: RE: key material

RE: key material

From: Don Parker <dparker_at_rigelksecurity.com>
Date: Fri, 23 Apr 2004 16:01:24 -0400 (EDT)

Hello, well as you mentioned yes the initial fill of the prng will dictate the length of
the lrs (linear recursive sequence) ie: an R6. So the initial fill of the R6 could be
like 010011. That being said you also get into maximal and non-maximal length lrs's as
well. You can also get into specific tap points as well on the prng. I would suggest you
head down to www.security-forums.com and post in the crypto forum. There is a guy there
called JustinT who is very much a crypto guru.

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Apr 23, "Burton M. Strauss III" <BStrauss_at_acm.org> wrote:

Remember, while a PRNG may GENERATE more bits, the initial random pool caps
the total randomness.

Suppose you generate 5 numbers using any PRNG you like. If the seed is only
1 bit(0 or 1), there are only TWO patterns you will see. Period. If the
seed is two bits, there are 4 patterns, etc.

This surfaced recently in some of the lottery machines - small seed space
and the machines were frequently reset - meaning that the 'quick pick'
tickets covered only a small % of the number space.

-----Burton

> -----Original Message-----
> From: Greg Kilford [mailto:greg_kilford_at_hotmail.com]
> Sent: Thursday, April 22, 2004 12:29 PM
> To: vuln-dev_at_securityfocus.com
> Subject: key material
>
>
> Hi everyone,
>
> I was juz discussing with my pals the other day on the
> appropriate initial
> input bit size to seed a PRNG of the structure below for it to be used to
> generate the random bits for RSA key material of modulus 1024
> bits or 2048
> bits. Anyone know what would be the ideal length/size of A so
> that there is
> sufficient entropy to generate the key material for RSA 1024/2048
> bits keys?
>
> A: Initial input seed of x bit size and fed into the 3DES x9.17
> PRNG in 64
> bit blocks.
> B: A constant key of 128 bits (112 bits effective). Does not change with
> each loop of output block O.
> C: Initialization vector - 64 bits size with initial fixed value and fed
> back with each loop.
> O: Output of 64 bit block with each loop for RSA 1024/2048 key material.
>
> Initial total of x bits as seed
> (feeding in 64-bit block feed)
> A
> |
> \|/
> x9.17 PRNG V
> ----------------------
> | |
> | |<------ B (128bits with 112 bits effective)
> : Constant
> value for all loops
> | |
> | 3DES |
> | |
> | |<-------
> | | |
> ---------------------- |
> | | | C (64 bit IV) : Initial fixed IV.
> Changed/feedback with every loop.
> | | |
> | -----------|
> |
> \|/
> V
> O
> Output Random Stream
> (in 64 bit blocks)
>
> _________________________________________________________________
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
> <a href='http://join.msn.com/?page=features/virus'>http://join.msn.com/?
page=features/virus</a>
>
Received on Apr 26 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos