ved...@hush.com wrote:

[...]

> how much of a threat is this really,
> given the nature of how gnupg collects random data on the various
> computer platforms?

I don't have the math or crypto background to answer you definitively, but I feel confident that *today* the difference between the randomness of a good /dev/random and theoretically perfect randomness is probably not of significant practical concern.

> can the 'pseudo-randomness' affect a 256 bit session key,
> so that it would effectively be easier to attack than a 'truly-
> random' 128 bit key?

If a practical attack were known that reduced a 256-bit key to the effective strength of a 128-bit key, that would be huge news. So, I really doubt it.

But that's today. As they say, attacks never get worse, they only get better; that huge news might only be one major breakthrough away. (We don't know for sure, of course, but that's what makes it a breakthrough. :) )

-Chris
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users