[1765] in cryptography@c2.net mail archive
Re: How to break PGP?
daemon@ATHENA.MIT.EDU (Colin Plumb)
Fri Oct 24 14:44:45 1997
Date: Fri, 24 Oct 1997 06:16:18 -0600 (MDT)
From: Colin Plumb <colin@nyx.net>
To: cryptography@c2.net, joswald@rpkusa.com
> One potential weakness is that under Windows, messages are sent essentially
> synchronously at (approx.) intervals of 55 milliseconds (18.2 times per
> second), in time with the PC "heartbeat" interrupt. Unless very special
> low-level timing is implemented, which is essentially impossible to do with
> message timing, all keyboard and mouse information arrives at substantially
> regular intervals: multiples (or nearly so) of the above figure.
This is why the timing figures (for mouse events especially) are not very
valuable. But the mouse position information (as it advises you to wave the
mouse) is a lucrative source, as it's hard to trace the exact same path
with the mouse even if you try.
The entropy estimation is fairly simple: attempt several predictors of
the next position based on history (constant position, constant
velocity, constant acceleration, etc.), take the minimum error of any
of the predictors, take the logarithm, and derate it a bit for safety.
The *big* safety padding factor is that PGP generates full entropy
(2048 bits for a 2048-bit key) for the public keys, even though the
security requirements are actually much lower. Not that I haven't tried
to get the rest of the system right, but this provides belt & suspenders
even in the face of errors.
--
-Colin
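The entropy estimator described in the message, as an added Python example that is not PGP's code: it extrapolates the next mouse position with constant-position, constant-velocity and constant-acceleration predictors, credits log2(1 + smallest prediction error) for each sample, and halves that as the derating step. The error metric (Chebyshev distance), the derate factor of 0.5 and the two sample paths are assumptions constructed for the example.

```python
import math

def predictors(history):
    """Candidate next positions from past (x, y) samples, as in the message:
    constant position, constant velocity, constant acceleration."""
    preds = []
    if len(history) >= 1:
        preds.append(history[-1])
    if len(history) >= 2:
        (x1, y1), (x2, y2) = history[-2], history[-1]
        preds.append((2 * x2 - x1, 2 * y2 - y1))
    if len(history) >= 3:
        (x0, y0), (x1, y1), (x2, y2) = history[-3:]
        preds.append((3 * x2 - 3 * x1 + x0, 3 * y2 - 3 * y1 + y0))
    return preds

def entropy_estimate(history, sample, derate=0.5):
    """Bits credited for one sample: log2(1 + min prediction error), derated.
    Chebyshev error metric and the 0.5 derate are assumed values, not PGP's."""
    preds = predictors(history)
    if not preds:
        return 0.0  # nothing to predict from yet: credit nothing rather than guess
    err = min(max(abs(sample[0] - px), abs(sample[1] - py)) for px, py in preds)
    return derate * math.log2(1 + err)

def estimate_pool(samples, derate=0.5):
    """Total bits credited over a whole mouse trajectory."""
    history, total = [], 0.0
    for s in samples:
        total += entropy_estimate(history, s, derate)
        history.append(s)
    return total

# Constructed sample paths: a straight, evenly spaced line (fully predictable
# once the velocity predictor exists) versus a jittery path that is hard to retrace.
LINE_PATH = [(0, 0), (2, 1), (4, 2), (6, 3), (8, 4)]
WIGGLE_PATH = [(0, 0), (3, 1), (1, 5), (6, 2), (2, 7), (8, 3)]

if __name__ == "__main__":
    for name, path in (("line", LINE_PATH), ("wiggle", WIGGLE_PATH)):
        print(f"{name}: {estimate_pool(path):.2f} bits credited")
```

The straight line is credited only for its second sample, before the velocity predictor has enough history, which is the kind of over-credit the derating and the full-entropy key generation margin are there to absorb.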