[cryptography] Duplicate primes in lots of RSA moduli
thierry.moreau at connotech.com
Wed Feb 22 10:32:03 EST 2012
While commenting about
, Marsh Ray wrote:
> It talks about entropy exclusively in terms of 'unpredictability', which
> I think misses the essential point necessary for thinking about actual
> systems: Entropy is a measure of uncertainty experienced by a specific

I am curious that you seem to prefer the risk analysis definition of
entropy over the more general definition. I am rather confident that a
proper application of the more general definition is more effective in
providing security assurance: the future attack vectors are deemed to be

You are not alone using this perspective. NIST documents on secret
random data generation are very confusing about the definition they use.
(I dropped out of their feedback requests on the last revision/round
where they split the contents into two documents and released only one.)

NIST seems to refer to three definitions: one from the
information-theory (min-entropy), one where every bit is unpredictable
(full entropy -- you know how NIST loves cryptographic parameters of
just the proper size), and the risk analysis definition.

Anyway, this whole thing about RSA modulus GCD findings questions us
about entropy in a renewed perspective (a reminder that future attack
vectors are deemed to be unexpected ones).

- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1