> On Wed, May 28, 2008 at 03:38:47PM -0700, David Schwartz wrote:
>
> > In principle, specifically avoiding these keys weakens the
> > algorithm by reducing the keyspace.
>
> Only against random attacks, of course; if all attackers first check these
> keys, then removing them strengthens the algorithm against (non-random)
> brute-force attack. This said, the effort of explicitly avoiding these
> is probably wasted (unless one suspects one has an identically weak RNG).
>
> --
> Viktor.

I realize it's counter-intuitive, but even this is wrong.

Suppose that there's an attack tool that everyone uses to attack a particular algorithm. It brute-forces passwords and follows a particular pattern. If you use an implementation that is known to not use the first 10,000 keys this algorithm tests, attackers will respond by skipping those 10,000 keys. The net result will only be a reduction in the keyspace.

Even if every attacker tests a particular key first, it is a net loss in security to specifically avoid that key if you randomly chose it. Really. If you honestly and truly randomly selected the key, you should go with it. Otherwise, there's one less key for an attacker to test.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
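The disagreement above is about the attacker model, and it can be made exact. The following is an added example, not code from either poster or from OpenSSL: it computes the expected number of guesses a brute-force tool needs against a victim who keeps whatever key the RNG produced versus one who re-rolls any key on a blacklist, for a tool that tests the blacklist first (Viktor's assumption) and for a tool that has been adapted to skip it (David's assumption). The keyspace of 1000 keys and blacklist of the first 100 keys the tool tries are made-up small numbers chosen so the arithmetic is exact; the functions are mine.

```python
"""Expected brute-force work when a key generator excludes a blacklist.

Keys are the integers 0..N-1. The blacklist is the first K keys in the
attack tool's default search order, mirroring the thread's scenario of
"the first 10,000 keys this tool tests". All sizes are made-up examples.
"""
from fractions import Fraction
import random


def expected_guesses(order, key_probs):
    """Expected number of guesses until the attacker hits the victim's key.

    order:     keys in the order the attacker tries them (must cover every
               key the victim could have chosen, otherwise the expectation
               is undefined and we refuse to compute it).
    key_probs: mapping key -> probability that the victim chose that key.
    """
    position = {key: i + 1 for i, key in enumerate(order)}
    missing = set(key_probs) - set(position)
    if missing:
        raise ValueError(f"attacker never tries {len(missing)} possible keys")
    return sum(p * position[key] for key, p in key_probs.items())


def uniform_over(keys):
    """Probability distribution of a key drawn uniformly from `keys`."""
    p = Fraction(1, len(keys))
    return {k: p for k in keys}


def compare(keyspace_size, blacklist_size):
    """Exact expected guesses for each (victim strategy, attacker strategy) pair."""
    keyspace = list(range(keyspace_size))
    blacklist = keyspace[:blacklist_size]      # first keys the tool tests
    allowed = keyspace[blacklist_size:]

    # Victim strategies.
    honest = uniform_over(keyspace)            # keep the RNG's output as-is
    avoiding = uniform_over(allowed)           # re-roll any blacklisted key

    # Attacker strategies (both eventually try every key).
    tool_default = keyspace                    # tests the blacklist first
    tool_adapted = allowed + blacklist         # skips the blacklist until last

    return {
        ("random key", "tool tests blacklist first"): expected_guesses(tool_default, honest),
        ("random key", "tool skips blacklist"): expected_guesses(tool_adapted, honest),
        ("avoids blacklist", "tool tests blacklist first"): expected_guesses(tool_default, avoiding),
        ("avoids blacklist", "tool skips blacklist"): expected_guesses(tool_adapted, avoiding),
    }


def simulate_avoiding_vs_adapted(keyspace_size, blacklist_size, trials, seed=0):
    """Monte Carlo cross-check: victim re-rolls blacklisted keys, attacker skips them."""
    rng = random.Random(seed)
    blacklist = set(range(blacklist_size))
    order = list(range(blacklist_size, keyspace_size)) + sorted(blacklist)
    position = {key: i + 1 for i, key in enumerate(order)}
    total = 0
    for _ in range(trials):
        key = rng.randrange(keyspace_size)
        while key in blacklist:                # the "avoid these keys" policy
            key = rng.randrange(keyspace_size)
        total += position[key]
    return total / trials


if __name__ == "__main__":
    for (victim, attacker), guesses in compare(1000, 100).items():
        print(f"{victim:17s} vs {attacker:28s}: {float(guesses):7.1f} expected guesses")
    print("simulated avoids-blacklist vs adapted tool:",
          round(simulate_avoiding_vs_adapted(1000, 100, 20000), 1))
```

With N = 1000 and K = 100, a uniformly random key costs the attacker 500.5 guesses on average whatever order the tool uses. Re-rolling blacklisted keys raises that to 550.5 against a tool that still wastes its first 100 tries on the blacklist, which is Viktor's point, but drops it to 450.5 as soon as the tool skips the blacklist, which is David's: the K avoided keys are simply removed from the search.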