|
Vulnerability Development
mailing list archives
RE: key material
From: "David Schwartz" <davids () webmaster com>
Date: Sat, 24 Apr 2004 12:43:25 -0700
So u are suggesting 1024/2048 bits size/length for A to seed the PRNG and
then after that the output stream O could be drawn to provide the
bits for
RSA 1024/2048 bits modulo key materials generation?
That is incorrect.
A few of us are inclined towards this, but a few of my pals seem to think
weirdly. They feel that 64/128 or even 192 bits would have
sufficed. Their
argument is that the symmetric and asymmetric crypto "strength"
would means
that such length/size of A would match up. A few years back, Schneier
commented in a paper on the comparison of crypto "strength" between
symmetric and asymmetric key sizes (something like 80bits symm key is
equivalent to 1024bits asymm RSA key). But I really disagree that the
crypto strength has anythin to do with RNG. What does everyone think?
Here's the quick proof that fewer than 1,024 bits are needed to seed a PRNG
that's going to produce a 1,024 bit RSA key: If you needed 1,024 bits to
seed the PRNG, that would mean there would have to be 2^1,024 possible 1,024
bit RSA keys, or, to put it another way, all possible bit combinations of a
given length would have to be legal RSA keys. They are not.
The PRNG simply has to be strong enough to not be the weakest link.
DS
 By Date 
By Thread
Current thread:
|
Intro
