On Mon, 14 May 2001, Phillip H. Zakas wrote:
> 2. using networks for random number generation.
> concepts like this seem like a good idea at first glance (you could generate
> a very large stream of random bits to produce a key..etc.) i'm attracted to
> the idea of a system which produces a lot of random bits (a problem for
> random number generators today.) plus if you have two different systems
> monitoring the same 'random' network patterns you don't have to distribute
> the key as you're transmitting the data (I assume this is their method, but
> it's not described on the site.) regardless of the implementation, systems
> which rely on external data such as network information noise can't offer
> true security. such systems could be manipulated by external seemingly
> random events in order to produce a crib or predictable cycle for later
> cryptanalysis. the method they're seeking to generate pseudo-random bits
> (the actual term they should be using) is open to such manipulation at one
> or more layers of the OSI model, and even using protocols which are pretty
> difficult for them to detect (for example, interfering with BGP routing from
> a distance to influence packet velocity, size, etc.)
Yeah, except there ain't nothing 'random' about TCP/IP over Ethernet.
Any LEA bozo with a packet sniffer and a watch will crack you like a
rotten egg.
____________________________________________________________________
God was my co-pilot, then we crashed in the Andes.
So I ate him.
Anonymous
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ [EMAIL PROTECTED]
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
