[19390] in cryptography@c2.net mail archive
Re: RNG quality verification
daemon@ATHENA.MIT.EDU (Philipp Gühring)
Fri Dec 23 11:38:43 2005
X-Original-To: cryptography@metzdowd.com
From: Philipp Gühring <pg@futureware.at>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>,
cryptography@metzdowd.com
Date: Fri, 23 Dec 2005 16:09:15 +0100
In-Reply-To: <E1Epapz-0006ze-00@medusa01.cs.auckland.ac.nz>
X-MDaemon-Deliver-To: cryptography@metzdowd.com
Hi Peter,
> Easily solvable bureaucratic problems are much simpler than unsolvable
> mathematical ones.
Perhaps there is some misunderstanding, but I am getting worried that the common conception seems to be that it is an unsolvable problem.
What is wrong with the following black-box test?
* Open browser
* Go to a dummy CA's website
* Let the browser generate a keypair through the <keygen> or cenroll.dll
* Import the generated certificate
* Backup the certificate together with the private key into a PKCS#12 container
* Extract the private key from the backup
* Extract p and q from the private key
* Extract the random parts of p and q (strip off the first and the last bit)
* Automate the previous steps with some GUI-Automation system
* Concatenate all random bits from all the keypairs together
* Do the usual statistical tests with the random bits
Is this a valid solution, or is the question of the proper usage of random numbers in certificate keying material really mathematically unsolvable?
(I am not an RSA specialist yet, I tried to stay away from the bit-wise details and the mathematics, so I might be wrong)
But I would really worry if it is mathematically impossible to attest the correct usage (to a certain extent, I know about the statistical limitations) of random numbers with the software I am using to get certificates.
Best regards,
Philipp Gühring
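The last three steps of the black-box procedure described in the message above (strip the forced first and last bit of p and q, pool the remaining bits across many keypairs, run statistical tests) as an added worked example; this is not code from the original post, from the browser key generators it mentions, or from any CA tooling. It assumes p and q are already available as integers (a real run would parse them out of the PKCS#12 backup with a library such as OpenSSL, which is not shown); here the primes are constructed locally with a toy Miller-Rabin routine and a seeded PRNG so the script runs offline and reproducibly. The constructed generator is Python's Mersenne Twister, which is not a cryptographic RNG yet passes these tests: that is the limitation a practitioner should keep in mind, since the frequency and runs tests only catch gross bias, not a predictable or low-entropy source.

```python
"""Black-box RNG check over RSA key material (added example, not from the post).
Steps: extract the random part of each prime, pool the bits, run NIST SP 800-22
style monobit and runs tests on the pool."""
import math
import random

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n, rng=None, rounds=16):
    """Toy Miller-Rabin probable-prime test (for generating sample primes only)."""
    rng = rng or random
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:          # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # a is a witness of compositeness
    return True


def random_prime(bits, rng):
    """Draw odd candidates with the top bit set until one is probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def random_bits_of_prime(p, bits):
    """Strip the forced first (top) and last (low) bit of a prime, as the mail
    proposes, and return the middle bits as a '0'/'1' string."""
    s = format(p, f"0{bits}b")
    assert len(s) == bits and s[0] == "1" and s[-1] == "1"
    return s[1:-1]


def pool_bits(keypairs, bits):
    """Concatenate the random parts of p and q over all keypairs."""
    return "".join(random_bits_of_prime(x, bits) for p, q in keypairs for x in (p, q))


def monobit_p_value(bits):
    """NIST SP 800-22 frequency (monobit) test."""
    n = len(bits)
    s = sum(1 if b == "1" else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_p_value(bits):
    """NIST SP 800-22 runs test; 0.0 when the monobit prerequisite fails."""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def check_rng(keypairs, bits, alpha=0.01):
    """Return (pooled bits, per-test p-values, pass/fail at significance alpha)."""
    pool = pool_bits(keypairs, bits)
    results = {"monobit": monobit_p_value(pool), "runs": runs_p_value(pool)}
    return pool, results, all(p >= alpha for p in results.values())


def demo(n_keys=16, bits=256, seed=2005):
    """Constructed stand-in for exported key material: toy-size primes from a
    seeded (non-cryptographic) PRNG, so the run is reproducible offline."""
    rng = random.Random(seed)
    keys = [(random_prime(bits, rng), random_prime(bits, rng)) for _ in range(n_keys)]
    return check_rng(keys, bits)


if __name__ == "__main__":
    pool, results, ok = demo()
    print(len(pool), "pooled bits", results, "PASS" if ok else "FAIL")
```

Feeding real p and q into `check_rng` is a one-line change once they are parsed from the exported key; a PASS here means only that the pooled bits show no gross bias at the chosen significance level, so a failure is strong evidence of a broken generator while a pass is not evidence of a good one.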
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com