cryptographically secure?
DTAshley at aol.com
DTAshley at aol.com
Fri Sep 17 17:23:56 CEST 2004
I think part of the problem here is using an algorithm for an unintended purpose. I'm fairly sure that if one looks at most random number generation algorithms, one can find a way to reverse-engineer the seed (or at least narrow the search space) based on the output sequences. Random number generation algorithms are made for statistical distribution, tests of randomness, etc.
If you want to make it interesting, use a second "seed" (a random string with at least a few hundred bits of information), take the output of the random number generator and run the MD5 or SHA1 on a concatenated form of the random output and the second seed, and use THAT output. I guarantee that going backwards from that to get information about the random number seed will be .... pretty hard. MD5 and SHA1 are made just for that purpose.
Wrong type of algorithm for the application.
In a message dated 9/17/2004 10:03:39 AM Eastern Daylight Time, "delta trinity" <deltatrinity at hotmail.com> writes:
>Well, to be cryptographically secure, you need a *really* random input seed.
>
>Any seed that is not random, as for many of the ones based on the system
>clock, is not secure. Take for example, an algorithm that take the time to
>the milli-second of the system, and feed it to the random seed. Then an
>attacker, even knowing a very vague plage of time where you could have run
>the algorithm, can deduct a plage of time period and try brute-force attack.
>
>I don't know the distribution of GMP random function, but for it to by
>cryptographically secure, it must give an uniform distribution of it's
>output, depending of it's input seed.
>
>A way to generate really random input seed, used in many crypto programs, is
>based on the mouse input. Basically, you get a window, for which you must
>hoover over it for a few seconds. The program take the X and Y values and
>derive a random sequence (possibly looking only at the lowest bit of the X
>and Y values, and making a check to ensure that there isn't too many zeros
>or ones).
>
>
>>From: malik.hammoutene at epfl.ch
>>To: DTAshley at aol.com, gmp-discuss at swox.com
>>Subject: Re: cryptographically secure?
>>Date: Thu, 16 Sep 2004 15:49:31 +0200
>>
>>Thank you for your answer.
>>
>>What I want to know by saying "cryptographically secure", is not if one can
>>easily determine the seed from samples or not. The question is: EVEN if the
>>seed
>>is "cryptographically secure", are the random functions of GMP
>>"cryptographically secure"? Is it possible for anybody to determine the
>>algorithm from samples?
>>
>>It's the difference between cryptographic and algorithmic...
>>
>>Best regards,
>>
>>M.Hammoutène,
>>http://lasecwww.epfl.ch
>>
>>PS: sorry for my english ;o)
>>
>>
>> > The usual notion of cryptographic security in the case of something that
>>uses
>> > a seed value and generates a new value, updating the seed, is that from
>>a
>> > certain number of samples, one can't easily determine the seed (and of
>> > course, once the seed is determined, all future random numbers are
>>easily
>> > generated).
>> >
>> > It is usually a question of whether one has a computationally tractable
>>way
>> > to predict future random numbers from a sequence of past random numbers.
>> >
>> > I do not see any particular reason that the GMP random number functions
>>would
>> > be secure in that sense.
>> >
>> > Also, please define "cryptologically secure". This is very ambiguous.
>> >
>> > Dave.
>> >
>> > In a message dated 9/16/2004 4:21:44 AM Eastern Daylight Time,
>> > malik.hammoutene at epfl.ch writes:
>> >
>> > >
>> > >Good morning,
>> > >
>> > >I'm developping some cryptographic protocol and I'm using GMP. My
>>question
>> > is to
>> > >know if the random functions of GMP are cryptographically secure.
>>Nothing
>> > is
>> > >said in the documentation.
>> > >
>> > >I hope having an answer,
>> > >
>> > >Best Regards,
>> > >
>> > >M. Hammoutène,
>> > >http://lasecwww.epfl.ch
>> > >_______________________________________________
>> > >gmp-discuss mailing list
>> > >gmp-discuss at swox.com
>> > >https://gmplib.org/mailman/listinfo/gmp-discuss
>> > >
>> >
>>
>>
>>_______________________________________________
>>gmp-discuss mailing list
>>gmp-discuss at swox.com
>>https://gmplib.org/mailman/listinfo/gmp-discuss
>
>_________________________________________________________________
>Express yourself instantly with MSN Messenger! Download today - it's FREE!
>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>_______________________________________________
>gmp-discuss mailing list
>gmp-discuss at swox.com
>https://gmplib.org/mailman/listinfo/gmp-discuss
>
More information about the gmp-discuss
mailing list