If the randomness collected for generation of a GnuPG session key isn't *absolutely* random, then it may introduce a bias whereby the session key space can theoretically be attacked by a 'better-than-brute-force' method, by selectively concentrating on the possibilities the bias is in favor of.

OK, how much of a threat is this really, given the nature of how GnuPG collects random data on the various computer platforms?

Is there any practical way of exploiting this 'less-than-absolute' randomness, so that the attack is even approaching the threat level of anything a crypto user needs to be concerned with?

To put it in quantitative terms, can the 'pseudo-randomness' affect a 256-bit session key so that it would effectively be easier to attack than a 'truly-random' 128-bit key? If not, then it shouldn't be a practical concern.

Is there any test of a computer system that can be done to know when the level of 'pseudo-randomness' has decreased to where it should be of practical concern?

tia,
vedaal

Any ads or links below this message are added by Hushmail without my endorsement or awareness of the nature of the link.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
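The quantitative question above (can a biased source make a 256-bit key weaker than an unbiased 128-bit key, and is there a test that shows gross bias) can be worked through with a small model. The following is an added illustration, not part of the original post and not GnuPG's own code. It assumes the simplest bias model, namely independent key bits that each take the value 1 with some fixed probability p; the sample bit streams are constructed with a seeded pseudo-random generator purely so the example runs offline, and the 4-sigma detection threshold is an arbitrary choice.

```python
"""Effective strength of a session key built from biased bits, plus a
monobit frequency test that flags gross bias in a sample.

Added example, not GnuPG code.  Assumption: bits are independent and
each is 1 with probability p (the simplest model of a biased source).
"""
import math
import random


def min_entropy_per_bit(p):
    """Min-entropy, in bits, of one output bit that is 1 with probability p.

    Min-entropy (not Shannon entropy) is the right measure against an
    attacker who tries the most likely keys first: it counts only the
    single most probable value of each bit.
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    return -math.log2(max(p, 1.0 - p))


def effective_key_bits(key_bits, p):
    """Guessing work, in bits, for a key of key_bits such bits.

    With p = 0.5 this is simply key_bits; any bias lowers it.
    """
    return key_bits * min_entropy_per_bit(p)


def bias_needed_to_reduce(key_bits, target_bits):
    """Per-bit probability of the more likely value at which a key_bits key
    offers no more guessing work than an unbiased target_bits key.

    Solves key_bits * -log2(p) = target_bits for p.
    """
    return 2.0 ** (-target_bits / key_bits)


def monobit_z_score(bits):
    """Standardised distance of the ones-count from n/2, its unbiased expectation.

    Under the unbiased hypothesis the count is ~ Binomial(n, 1/2) with
    standard deviation sqrt(n/4), so |z| of a few units is already unlikely.
    """
    n = len(bits)
    ones = sum(bits)
    return (ones - n / 2.0) / math.sqrt(n / 4.0)


def looks_biased(bits, threshold=4.0):
    """True if the monobit test rejects 'unbiased' at roughly 4 sigma.

    A pass only means no gross frequency bias was seen in this sample; it
    does not certify the source as random (correlations, a tiny seed or
    other structure are invisible to this test).
    """
    return abs(monobit_z_score(bits)) > threshold


def sample_bits(n, p, seed):
    """Constructed sample: n bits, each 1 with probability p, from a seeded PRNG."""
    rng = random.Random(seed)
    return [1 if rng.random() < p else 0 for _ in range(n)]


def main():
    print("256-bit key, unbiased bits:   %.1f bits of work"
          % effective_key_bits(256, 0.5))
    print("256-bit key, p = 0.6 per bit: %.1f bits of work"
          % effective_key_bits(256, 0.6))
    p_break_even = bias_needed_to_reduce(256, 128)
    print("256-bit key equals unbiased 128-bit key when p = %.4f" % p_break_even)
    for p in (0.5, 0.7):
        bits = sample_bits(8000, p, seed=7)
        print("sample p=%.1f: monobit z = %6.2f, flagged = %s"
              % (p, monobit_z_score(bits), looks_biased(bits)))


if __name__ == "__main__":
    main()
```

Two things follow from running it. First, under this model each bit would have to be predictable about 70.7% of the time (p = 2^-0.5) before a 256-bit key drops to the guessing work of an unbiased 128-bit key; a mild bias such as p = 0.6 still leaves roughly 189 bits. Second, a frequency test easily catches bias of that size in a few thousand bits, but a test can only ever reject randomness, never prove it, so a clean result says nothing about structure the test does not look for.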