On Wed, Nov 08, 2000 at 08:41:11AM -0700, Jason wrote:
> Nathan Saper wrote:
> > > The most common portable method of obtaining cryptographically strong
> > > random numbers is to generate a seed using the HACK device. (Human At
> > > Computer Keyboard :) I believe PGP relies on this method.
> > This is probably a stupid question, but: What would be the best way to
> > implement this sort of arrangement in Perl?
>
> Ive given this some thought, and have decided that I would need to
> know more about the specific nature of your application to answer.
> Obviously, the timing of individual keystrokes is not available to a
> perl script running on a remote webserver, which only sees a
> form-submit as a single clump of data. Basically, with the requirement
> for that level of interactivity, totally independant perl coding isnt
> possible.
The app I'm trying to code is client-server, so a client program could
do timing of keystrokes. In fact, this would probably be the best way
to do it. I'm just not sure what the best way would be to implement
this sort of thing in Perl.
>
> One could generate a seed from a hash of a user-supplied paragraph,
> but I am not sure that this would be anywhere near random enough for
> the generation of a 1024bit key... Requiring the user to type more
> than that would be inconvienent to say the least...
>
That, that would be a bit of a PITA.
>
>
- --
Nathan Saper (natedog@well.com) | http://www.well.com/user/natedog/
GnuPG (ElGamal/DSA): 0x9AD0F382 | PGP 2.x (RSA): 0x386C4B91
Standard PGP & PGP/MIME OK | finger natedog@well.com
(text/plain)