On Thu, Feb 16, 2012 at 12:28 PM, Jeffrey Schiller <[email protected]> wrote:
>> Are you thinking this is because it causes the entropy estimate in the RNG
>> to be higher than it really is? Last time I checked OpenSSL it didn't block
>> requests for numbers in cases of low entropy estimates anyway, so line 3
>> wouldn't reduce security for that reason.
>
> I am thinking this because in low-entropy cases where multiple boxes
> generate the same first prime, adding that additional entropy before the
> second prime is generated means they are likely to generate a different
> second prime, leading to the GCD attack.

I'd thought that you were going to say that so many devices sharing the same key instead of one prime would be better on account of the problem being more noticeable. Otherwise I don't see the difference between one low-entropy case and another -- both are catastrophic failures.

Nico
--
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
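To make the point of both messages concrete, here is an added example (not code from the thread) using small constructed primes: two moduli that share only the first prime fall to a pairwise GCD, while two devices that shipped the identical modulus cannot be factored that way but are trivially spotted as duplicates during a key-corpus audit. The prime values and function names are assumptions.

```python
# Added example: why sharing one prime (GCD-factorable) differs from sharing a
# whole key (not GCD-factorable, but visible as a duplicate) in a key audit.
# Primes are small constructed values; real RSA primes are 1024+ bits.
from math import gcd

P_SHARED = 1000003   # "first prime" two low-entropy boxes both produce
Q_BOX_A = 1000033    # second prime after box A mixed in extra entropy
Q_BOX_B = 1000037    # second prime after box B mixed in different entropy


def make_modulus(p, q):
    """RSA modulus n = p * q."""
    return p * q


def shared_factor(n1, n2):
    """Return the common prime if n1 and n2 share exactly one factor, else None.

    If the moduli are identical, gcd == n and nothing is factored.
    """
    g = gcd(n1, n2)
    if g in (1, n1, n2):
        return None
    return g


def factor_from_shared(n, p):
    """Given a modulus and one of its primes, recover the other prime."""
    q, r = divmod(n, p)
    assert r == 0, "p does not divide n"
    return q


def audit(moduli):
    """Pairwise GCD over a corpus; maps each broken modulus to its (p, q)."""
    broken = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            p = shared_factor(moduli[i], moduli[j])
            if p is not None:
                for n in (moduli[i], moduli[j]):
                    broken[n] = (p, factor_from_shared(n, p))
    return broken


def duplicates(moduli):
    """Identical keys across devices: GCD cannot factor them, but they stand out."""
    seen, dups = set(), set()
    for n in moduli:
        (dups if n in seen else seen).add(n)
    return dups
```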
