Re: [Hampshire] OpenSSL in Debian is broken

Author: Philip Stubbs
Date:  
To: p_alefounder, Hampshire LUG Discussion List
CC: 
Subject: Re: [Hampshire] OpenSSL in Debian is broken
2008/5/16 Peter Alefounder <p_alefounder@???>:
> Even if you could not show that the numbers were random (whatever
> that might mean to a mathematician), if it was impossible to
> predict the sequence, wouldn't that be good enough for practical
> cryptographic applications? Chris Oattes' definition seems to me
> to be sufficient. Could a non-random but non-predictable (with
> probability > 1/10 per decimal digit) sequence exist?


This got me thinking. The problem is not just whether the next digit
can be predicted, but if there can be any long term cycles that could
start to show.

For example, given a ten digit number, it may be possible to say that
it, on its own, is random. Given 100 10 digit numbers, a pattern
could exist that would not show up within one number, but would allow
the 101st sequence to be determined.

In the end, I expect that what is considered 'random enough' will be
used, and that definition will evolve as computing power expands. If
the value of the computing power needed to crack a system is greater
than the value of that system, then I would say it is secure enough.
How you determine that value is another question :-)

--
Philip Stubbs
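
An added illustration of the point above about patterns that only show across many numbers (not part of the original message): a constructed toy generator whose hidden state cycles with period 100, so each ten-digit output looks unremarkable on its own yet the 101st repeats the first. The generator, its parameters (modulus 101, multiplier 2) and the function names are assumptions made for this example and do not model OpenSSL.

```python
import hashlib

MODULUS = 101      # constructed toy parameter: prime, so the state never reaches 0
MULTIPLIER = 2     # primitive root mod 101, so the hidden state cycle has length 100


def toy_generator(seed, count):
    """Yield `count` ten-digit strings from a generator with a tiny hidden state."""
    state = seed % MODULUS or 1
    for _ in range(count):
        # Hashing hides the simple state update, so single outputs show no pattern.
        digest = hashlib.sha256(str(state).encode()).digest()
        yield f"{int.from_bytes(digest, 'big') % 10**10:010d}"
        state = (state * MULTIPLIER) % MODULUS


def smallest_period(outputs):
    """Return the smallest p with outputs[i] == outputs[i + p] for every i, or None."""
    n = len(outputs)
    for p in range(1, n // 2 + 1):
        if all(outputs[i] == outputs[i + p] for i in range(n - p)):
            return p
    return None


def predict_next(outputs):
    """Predict the next output from the observed cycle, or None if no cycle is seen."""
    p = smallest_period(outputs)
    return None if p is None else outputs[len(outputs) - p]


if __name__ == "__main__":
    observed = list(toy_generator(seed=7, count=300))
    print("first outputs:", observed[:3])
    print("period found:", smallest_period(observed))
    print("predicted next:", predict_next(observed))
```

With only the first 100 outputs the check finds no cycle; the repetition becomes visible once the observation window is longer than the period.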