
How secure is the RNG in PGP?


The security of the PGP system relies quite heavily on the Random Number Generator (RNG). The RNG is used in the following situations:

• Production of long-term asymmetric keys.
• Production of random session (symmetric) keys.
• Production of Initialisation Vectors (IV).
• Production of random values used by DSS.

Fortunately, PGP v5+ implements a RNG according to ANSI X9.17, which is in conformance to the standard outlined in [FIPS186-1].

As a matter of personal interest, I abstracted the RNG functionality from PGP v5.0i and produced 50x 30Mb files of “random” data which were then tested with DieHard [Mar98], a popular program for testing data for non-randomness. According to DieHard the output of the RNG used in PGP exhibits no bias, correlation or other obvious statistical weakness. A couple of the tests failed, but this is to be expected [Rit98]. The PGP RNG also passes the statistical tests specified in [FIPS140-1].

NOTE: the RNG cannot be declared “secure” just upon my empirical t
