> And now consider the 10**50 messages djb assumes.

Time for me to put out a big "I screwed up" message.

I screwed up: my math is, in fact, wrong. I was in a boring meeting today and was mentally reviewing my math and realized, "wait, there's no way a 2**-78 chance of picking a weak key by accident corresponds to a 10**-53 chance."
I was right.

There are a few different ways you can convert between log bases, but like many mathematically-inclined people I have an affinity for base e. Conversions into and out of base e are really simple. To convert a logarithm in base N into base e, multiply by ln(N). To convert a logarithm in base e into base N, divide by ln(N). And so on.

The binary logarithm of 2**-78 is -78. Multiply that by ln 2 and you get -53. 2**-78 is e**-53.

You guys see the problem, right? I converted it into base e, but neglected to convert it into base 10. ln(10) is about 2.3. So 2**-78 = e**-53 = 10**-23.

Yowch. It's not every day you create an error of thirty orders of magnitude, but ... there you have it. (I'm still an amateur, though. The physics community has an error of 120 orders of magnitude in their computed value for the cosmological constant, and they still have no idea where they're screwing up.)

This changes the math slightly. You now need about 10^20 messages to have a very small chance of one message being encrypted with a weak key, not 10^50. That's still a *huge* number, though, and is greater than the number of GnuPG messages I expect to ever be encrypted. I'm still not worried, the conclusion is still sound.

Still, an error of thirty orders of magnitude should be noted -- and if anyone wants to point at me and laugh, I definitely deserve it. :)
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
