Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

Michael Hammer <michael.hammer@yaanatech.com> Sat, 25 January 2014 21:17 UTC

From: Michael Hammer <michael.hammer@yaanatech.com>
To: "paul.hoffman@vpnc.org" <paul.hoffman@vpnc.org>
Cc: "dsfjdssdfsd@ietf.org" <dsfjdssdfsd@ietf.org>
Date: Sat, 25 Jan 2014 21:17:00 +0000
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?
Message-ID: <00C069FD01E0324C9FFCADF539701DB3BBF1C045@sc9-ex2k10mb1.corp.yaanatech.com>
In-Reply-To: <2C723E08-FB16-4D03-9371-94D164111E5B@vpnc.org>
References: <52DD996F.3040708@cs.tcd.ie> <CAF4+nEHEWaSr3HMuGtQ=vQzuuhkTo2uNpedUTNgmT5NsWRsTfA@mail.gmail.com> <30316745-8091-46AD-95A1-407757489FF9@vpnc.org> <1737731959.20140122185149@gmail.com> <03f201cf17ee$e34ccbf0$a9e663d0$@hosed.org> <15541579.20140123214020@gmail.com> <00C069FD01E0324C9FFCADF539701DB3BBF18E51@sc9-ex2k10mb1.corp.yaanatech.com> <204592464.20140123233807@gmail.com> <00C069FD01E0324C9FFCADF539701DB3BBF18FD6@sc9-ex2k10mb1.corp.yaanatech.com> <1825449796.20140124180225@gmail.com> <00C069FD01E0324C9FFCADF539701DB3BBF1BE0E@sc9-ex2k10mb1.corp.yaanatech.com> <2C723E08-FB16-4D03-9371-94D164111E5B@vpnc.org>
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <dsfjdssdfsd.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/dsfjdssdfsd/>

I am not sure if we are talking past each other.

Using terms from your example, 
I have one input (trying to map to what you say) that is message A.
I have another input, call it key B.
The output of the "secure algorithm" is C.
C will be known by adversary M.

The question is whether B is sufficiently random that C cannot guess it.
Also, that M cannot easily discover A knowing C.
The strength of the algorithm is part of the assurance.
The strength of the key is the other part.
Weak key B does not adequately protect message A.

Now, being random does not guarantee that the key B is not weak, just not easily deduced by M.
But, if B is generated from inputs B1 and B2 in such a way that it tends to reduce the randomness (worst case results in a very small subset of keys B), then M can brute force B to reveal A.

One of the papers cited earlier pointed out how a complex algorithm actually ended up converging on a small number of values.
I would hope to avoid repeating that mistake.

Michael Hammer
Principal Engineer
michael.hammer@yaanatech.com
Mobile: +1 408-202-9291
500 Yosemite Drive Suite 120
Milpitas, CA 95035 USA


-----Original Message-----
From: Paul Hoffman [mailto:paul.hoffman@vpnc.org] 
Sent: Saturday, January 25, 2014 11:35 AM
To: Michael Hammer
Cc: dsfjdssdfsd@ietf.org
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

On Jan 25, 2014, at 8:16 AM, Michael Hammer <michael.hammer@yaanatech.com> wrote:

> So, if you mix a non-random input with a random input, using a 
> deterministic algorithm, the output will be more random?
> That doesn't seem right to me.

That's because it is not right for many reasons. To start, you haven't
defined "non-random" and "more random".

A better description:

Value A has X bits that cannot be known to adversary M. Value B has Y bits
that cannot be known to M.

Securely mixing A and B into a value C whose length is greater than or equal
to (X + Y) will result in C having (X + Y) bits that cannot be known by M.
If C's length is less than (A + B), every bit in C cannot be known by M.

In your question above, the fact that B might be 0 is irrelevant to the
calculation. 

--Paul Hoffman
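As an added illustration of the two points in this exchange (example code written for this archive page, not code from either author or from the list), the script below makes the entropy accounting concrete. It models A and B as values with a public part M already knows and X and Y secret bits, enumerates every (A, B) pair M cannot rule out, and measures how many bits of the mixed value C stay unknown to M, using min-entropy (how likely the single most probable C is). Two mixers are compared: a hash-based one (length-prefixed SHA-256, truncated to the requested width), which behaves as Paul describes, yielding min(len(C), X + Y) unknown bits; and a constructed bad mixer (bitwise AND), which "converges on a small number of values" in the way Michael warns about. The constants A_PUBLIC and B_PUBLIC, the bit widths, and both mixer functions are assumptions made for the toy model.

```python
import hashlib
import math
from collections import Counter
from typing import Callable

# Constructed public (attacker-known) parts of each input. The secret parts
# are enumerated exhaustively below, which is exactly what adversary M can do.
A_PUBLIC = 0xA5
B_PUBLIC = 0x3C

Mixer = Callable[[bytes, bytes, int], int]


def secure_mix(a: bytes, b: bytes, out_bits: int) -> int:
    """Hash-based mixing: length-prefix each input so the (A, B) boundary is
    unambiguous, SHA-256 the whole thing, keep the top out_bits bits."""
    h = hashlib.sha256()
    for part in (a, b):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return int.from_bytes(h.digest(), "big") >> (256 - out_bits)


def lossy_mix(a: bytes, b: bytes, out_bits: int) -> int:
    """Constructed bad mixer: bitwise AND. It is deterministic and 'uses' both
    inputs, but every output bit is biased toward 0, so the outputs pile up on
    a few values and M can brute-force C far faster than 2^(X+Y)."""
    ai = int.from_bytes(a, "big")
    bi = int.from_bytes(b, "big")
    return (ai & bi) & ((1 << out_bits) - 1)


def _encode(public: int, secret: int, secret_bits: int) -> bytes:
    """Build one input value: public byte on top, secret_bits secret bits below."""
    value = (public << secret_bits) | secret
    nbytes = (8 + secret_bits + 7) // 8
    return value.to_bytes(nbytes, "big")


def output_distribution(mix: Mixer, x_bits: int, y_bits: int, out_bits: int) -> Counter:
    """Count how often each C appears over every (A, B) that M cannot rule out."""
    counts: Counter = Counter()
    for a_secret in range(1 << x_bits):
        a = _encode(A_PUBLIC, a_secret, x_bits)
        for b_secret in range(1 << y_bits):
            b = _encode(B_PUBLIC, b_secret, y_bits)
            counts[mix(a, b, out_bits)] += 1
    return counts


def min_entropy_bits(counts: Counter) -> float:
    """Min-entropy: -log2 of the probability of the most likely output.
    This is the number of 'bits M cannot know' in the worst (guessing) sense."""
    total = sum(counts.values())
    return -math.log2(max(counts.values()) / total)


def unknown_bits(mix: Mixer, x_bits: int, y_bits: int, out_bits: int) -> float:
    return min_entropy_bits(output_distribution(mix, x_bits, y_bits, out_bits))


def distinct_outputs(mix: Mixer, x_bits: int, y_bits: int, out_bits: int) -> int:
    return len(output_distribution(mix, x_bits, y_bits, out_bits))


if __name__ == "__main__":
    X, Y = 6, 6  # 12 secret bits in total; small enough to enumerate all 4096 pairs
    print("hash mix, 256-bit C :", unknown_bits(secure_mix, X, Y, 256), "unknown bits")
    print("hash mix,   8-bit C :", unknown_bits(secure_mix, X, Y, 8), "unknown bits,",
          distinct_outputs(secure_mix, X, Y, 8), "distinct values")
    print("AND  mix,  16-bit C :", unknown_bits(lossy_mix, X, Y, 16), "unknown bits,",
          distinct_outputs(lossy_mix, X, Y, 16), "distinct values")
```

With X = Y = 6 the hash mixer gives 12 unknown bits when C is wide enough, and when C is truncated to 8 bits every one of its 256 values is reachable and roughly 8 bits stay unknown, matching Paul's two cases. The AND mixer, despite consuming the same inputs, leaves only about 2.5 unknown bits because the most probable C (all secret bits cleared) occurs for 3^6 of the 4096 pairs; that collapse is what to measure for any proposed derivation of a key B from inputs B1 and B2.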