On Tue, May 13, 2008 at 09:08:59PM -0400, Joey Hess wrote: > Russ Allbery wrote: > > Do we have a feel for how astronomically unlucky you have to get? If it's > > really astronomical, it's probably not worth worrying about. (My general > > rule of thumb on that sort of thing is that if the chances of a collision > > are lower than the chances of hardware failure during the course of the > > operation, it's probably not worth taking any special safeguards.) > > By that line of thinking, ssh-keygen shouldn't bother checking its > system calls either. Probability of system call failure is roughly > equaly to the probability of hardware failure.
My back-of-the-envelope calculation is that you need something approaching 10^80 key generations to have been performed before the risk of having one key in the broken space from any of them becomes non-negligible. I think that's astronomical enough that I'm not going to worry too much. This is based on some rules of reckoning that I haven't verified or even made entirely sure that I've applied correctly, BTW (density of primes, risk analysis, rough guess at the behaviour of OpenSSL's entropy gathering, etc.), so please take that with a pinch of salt. I might be completely wrong and I'm not sure this dodgy calculation should prevent us implementing Joey's suggestion anyway. -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
