[cryptography] Duplicate primes in lots of RSA moduli

Thierry Moreau thierry.moreau at connotech.com
Wed Feb 22 10:32:03 EST 2012


While commenting about

http://www.cs.bris.ac.uk/Research/CryptographySecurity/knowledge.html

, Marsh Ray wrote:
> 
> It talks about entropy exclusively in terms of 'unpredictability', which
> I think misses the essential point necessary for thinking about actual
> systems: Entropy is a measure of uncertainty experienced by a specific
> attacker.

I am curious that you seem to prefer the risk analysis definition of 
entropy over the more general definition. I am rather confident that a 
proper application of the more general definition is more effective in 
providing security assurance: the future attack vectors are deemed to be 
unexpected ones.

You are not alone using this perspective. NIST documents on secret 
random data generation are very confusing about the definition they use. 
(I dropped out of their feedback requests on the last revision/round 
where they split the contents into two documents and released only one.) 
NIST seems to refer to three definitions: one from the 
information-theory (min-entropy), one where every bit is unpredictable 
(full entropy -- you know how NIST loves cryptographic parameters of 
just the proper size), and the risk analysis definition.

Anyway, this whole thing about RSA modulus GCD findings questions us 
about entropy in a renewed perspective (a reminder that future attack 
vectors are deemed to be unexpected ones).

Regards,

-- 
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691



More information about the cryptography mailing list