ved...@hush.com wrote:
[...]
> how much of a threat is this really,
> given the nature of how gnupg collects random data on the various 
> computer platforms?

I don't have the math or crypto background to answer you definitively, but I
feel confident that *today* the difference between the randomness of a good
/dev/random and theoretically perfect randomness is probably not of significant
practical concern.

> can the 'pseudo-randomness' affect a 256 bit session key,
> so that it would effectively be easier to attack than a 'truly-
> random' 128 bit key?

If a practical attack were known that reduced a 256-bit key to the effective
strength of a 128-bit key, that would be huge news.  So, I really doubt it.

But that's today. As they say, attacks never get worse, they only get better;
that huge news might only be one major breakthrough away. (We don't know for sure, of
course, but that's what makes it a breakthrough. :) )

-Chris


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
