Re: handling weak keys using random selection and CSPRNGs

2006-10-16 Thread Marcos el Ruptor
Now, you said compressed files and you might not have meant pictures, but note that L-Z style compressed files don't really have much in the way of headers. If the headers were a problem, you'd expect longer files to bury any deviation in the noise, but it doesn't. The longer the files I test the

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Leichter, Jerry
| Given how rare weak keys are in modern ciphers, I assert that code to cope | with them occurring by chance will never be adequately tested, and will be | more likely to have security bugs. In short, why bother? Beyond that: Are weak keys even detectable using a ciphertext-only attack (beyond

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Steven M. Bellovin
On Thu, 12 Oct 2006 16:50:13 -0400 (EDT), Leichter, Jerry [EMAIL PROTECTED] wrote: This suggests that, rather than looking for weak keys as such, it might be worth it to do continuous online testing: Compute the entropy of the generated ciphertext, and its correlation with the plaintext, and

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Leichter, Jerry
| This suggests that, | rather than looking for weak keys as such, it might be worth it to | do continuous online testing: Compute the entropy of the generated | ciphertext, and its correlation with the plaintext, and sound an | alarm if what you're getting looks wrong. This might be a |

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Travis H.
On 10/12/06, Leichter, Jerry [EMAIL PROTECTED] wrote: Beyond that: Are weak keys even detectable using a ciphertext-only attack (beyond simply trying them - but that can be done with *any* small set of keys)? Yes, generally, that's the definition of a weak key. But that's an odd attack to

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Perry E. Metzger
Travis H. [EMAIL PROTECTED] writes: On 10/12/06, Leichter, Jerry [EMAIL PROTECTED] wrote: Beyond that: Are weak keys even detectable using a ciphertext-only attack (beyond simply trying them - but that can be done with *any* small set of keys)? Yes, generally, that's the definition of a

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Greg Rose
At 17:05 -0400 2006/10/12, Steven M. Bellovin wrote: This is a very interesting suggestion, but I suspect people need to be cautious about false positives. MP3 and JPG files will, I think, have similar entropy statistics to encrypted files; so will many compressed files. Actually, no. I have

Re: handling weak keys using random selection and CSPRNGs

2006-10-12 Thread Steven M. Bellovin
Given how rare weak keys are in modern ciphers, I assert that code to cope with them occurring by chance will never be adequately tested, and will be more likely to have security bugs. In short, why bother? - The Cryptography