[cryptography] Duplicate primes in lots of RSA moduli

Morlock Elloi morlockelloi at yahoo.com
Thu Feb 16 13:41:03 EST 2012

Properly designed RNGs should refuse to supply bits that have less than specified (nominal) entropy. The requestor can go away or wait. In many applications it is sufficient to postpone key generation until the last possible moment (for some odd reason, coders tend to generate keys first, then do everything else.) If that is not enough, you simply wait while entertaining the user with blinking lights.

For example, clock-strobing in desktops can produce 3-5 bits/sec. That's 5 minutes just for a decent session (symmetric) key, and more for RSA. Of course, one can always choose to live with shitty keys.

What recent events are showing is that the average effective key length is determined by RNGs, and based on the results, it seems to be around 30-40 bits.

> to increase entropy. You're supposed to have sufficient
> entropy in the first place.

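The refuse-or-wait behaviour described in the first paragraph of the post, as an added example that is not part of the original message: a toy pool that credits each sample with a caller-supplied entropy estimate and refuses any request larger than that credit. The class and function names, the SHA-256 mixing, and the 4 bits credited per constructed sample are assumptions made for illustration.

```python
import hashlib
from typing import Iterable, Tuple


class InsufficientEntropy(Exception):
    """The pool holds less credited entropy than the request needs."""


class GatedPool:
    MAX_BITS = 256  # a SHA-256 state cannot hold more than this

    def __init__(self) -> None:
        self._state = bytes(32)
        self.credited_bits = 0.0

    def add_sample(self, sample: bytes, est_bits: float) -> None:
        # est_bits is the caller's conservative estimate, not a measurement.
        self._state = hashlib.sha256(b"mix" + self._state + sample).digest()
        self.credited_bits = min(self.MAX_BITS, self.credited_bits + est_bits)

    def extract(self, nbits: int) -> bytes:
        if nbits % 8 or not 0 < nbits <= self.MAX_BITS:
            raise ValueError("nbits must be a multiple of 8 in 8..256")
        if nbits > self.credited_bits:
            # Refuse instead of stretching: the requester waits or goes away.
            raise InsufficientEntropy(
                f"need {nbits} bits, pool credited with {self.credited_bits:g}")
        out = hashlib.sha256(b"out" + self._state).digest()[: nbits // 8]
        self._state = hashlib.sha256(b"next" + self._state).digest()  # ratchet
        self.credited_bits -= nbits  # debit what was handed out
        return out


def key_when_ready(pool: GatedPool, samples: Iterable[Tuple[bytes, float]],
                   nbits: int) -> Tuple[bytes, int]:
    """Feed samples until the pool releases nbits; return (key, samples used)."""
    used = 0
    for sample, est_bits in samples:
        pool.add_sample(sample, est_bits)
        used += 1
        try:
            return pool.extract(nbits), used
        except InsufficientEntropy:
            continue  # not enough yet: keep waiting
    raise InsufficientEntropy("source exhausted before the pool filled")


# Constructed input: 40 fake timing samples, each credited 4 bits.
SAMPLES = [(i.to_bytes(4, "big"), 4.0) for i in range(40)]
```
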