Why does it matter what kind of random number generation is used during key generation?

E.g. this answer states 7-8 words selected truly at random make a strong password. My problem's with the "truly" here. My thinking is: whatever key I choose with whatever random number generator, the information isn't available afterwards and an attacker can never know which random number generator I used, so he cannot use that to break the key. On the other hand, I can use "just count up" or a super sophisticated hardware generator and both might come up with "12345678" as a key. Of course, an attacker would start with trying keys like "111111" or "3456789", so he will break "12345678" earlier than, say, "93298762", but "using a good random number generator" or "selecting truly randomly" does not mean I cannot get "12345678" as a key.

Haukinger

2 Answers


When humans generate a random key, there is some bias. For instance, in your example "93298762" there are only 2 turning points, whereas normally there should be 4 (you can argue that it is a single sequence and it is not long enough to seriously speak about statistics, but nevertheless...)

Even if an attacker does not know what generator you used, it makes sense for him to check first (after the dictionary) the keys that a human would generate. This essentially reduces the entropy and thus the resources needed to brute-force the key. That's why it is important that the generator has a lot of entropy.

In cases where human participation is possible, like password generation, a good generator will eliminate keys that have a relatively high probability of being generated by a human (dictionary keys, keys with human-specific anomalies). That's why when such a generator generates a key "12345678" it would eliminate it and proceed with generating until the likelihood of overlap with human-generated keys is below some threshold.

mentallurg
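
As an added illustration of the turning-point argument in the answer above (example code, not part of the answer): the first function counts turning points in a digit string, the second gives the exact expectation for independent uniform decimal digits, and the Monte Carlo estimate draws its digits from Python's secrets module (the OS CSPRNG) rather than random.random(). The classical figure of 2(n-2)/3 = 4 turning points for n = 8 assumes continuous values with no ties; with base-10 digits two equal neighbours cannot form a turning point, so the exact expectation for 8 digits is 3.42. "93298762" and "12345678" are the strings from the question, everything else is constructed for the example.

```python
import secrets


def turning_points(digits):
    """Count interior positions where the digit sequence switches from
    rising to falling or vice versa. A tie (equal neighbours) makes
    neither a peak nor a valley, so it never counts."""
    d = [int(c) for c in digits]
    count = 0
    for i in range(1, len(d) - 1):
        left, right = d[i] - d[i - 1], d[i + 1] - d[i]
        if left * right < 0:  # strictly opposite signs on the two sides
            count += 1
    return count


def expected_turning_points(n, base=10):
    """Exact expectation for n independent uniform digits in [0, base).
    For a middle digit of value b, P(a neighbour < b) = b/base, so
    P(peak) = sum_b (1/base) * (b/base)^2; valleys are symmetric.
    Each of the n-2 interior positions contributes peak + valley."""
    peak = sum((b / base) ** 2 for b in range(base)) / base
    valley = sum(((base - 1 - b) / base) ** 2 for b in range(base)) / base
    return (n - 2) * (peak + valley)


def random_digits(n):
    """n decimal digits from the OS CSPRNG, not from random.random()."""
    return "".join(str(secrets.randbelow(10)) for _ in range(n))


def mean_turning_points(n, trials):
    """Monte Carlo estimate of the turning-point count for n random digits."""
    return sum(turning_points(random_digits(n)) for _ in range(trials)) / trials


if __name__ == "__main__":
    for key in ("93298762", "12345678", random_digits(8)):
        print(key, "turning points:", turning_points(key))
    print("exact expectation for 8 digits :", expected_turning_points(8))
    print("Monte Carlo (20000 CSPRNG draws):", mean_turning_points(8, 20000))
```

An attacker who orders candidates by "human-likeness" is exactly exploiting the gap between what a person types and what this distribution predicts; a generator that draws from the OS entropy source produces sequences whose statistics match the expectation, including the occasional "12345678".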

Being truly random is necessary in certain situations; for example during part of a key exchange protocol, where a permanent master key is used to encrypt less expensive session keys to send over.

If the process of key generation were "deterministic", an adversary could guess the next session key that we'll use, or perhaps even manipulate the user into selecting a session key of their choosing.

EDIT: As an aside, take pseudorandom generation. All that is required in order to discover and reproduce a pseudorandom sequence is the algorithm used to generate it and the initial seed. Therefore, the entire sequence of numbers is only as powerful as the 'randomly' chosen parts - but a given seed will always determine the same pseudorandom number!

See:

Random V Pseudorandom

GENERATION AND TESTING OF RANDOM NUMBERS FOR CRYPTOGRAPHIC APPLICATIONS

mikerover