Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

Michael Hammer <> Sat, 25 January 2014 21:17 UTC

List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>

I am not sure if we are talking past each other.

Using terms from your example, 
I have one input (trying to map to what you say) that is message A.
I have another input, call it key B.
The output of the "secure algorithm" is C.
C will be known by adversary M.

The question is whether B is sufficiently random that C cannot guess it.
Also, that M cannot easily discover A knowing C.
The strength of the algorithm is part of the assurance.
The strength of the key is the other part.
Weak key B does not adequately protect message A.

Now, being random does not guarantee that the key B is not weak, just not
easily deduced by M.
But, if B is generated from inputs B1 and B2 in such a way that it tends to
reduce the randomness (worst case results in a very small subset of keys B),
then M can brute force B to reveal A.

One of the papers cited earlier pointed out how a complex algorithm
actually ended up converging on a small number of values.
I would hope to avoid repeating that mistake.

Michael Hammer
Principal Engineer
Mobile: +1 408-202-9291
500 Yosemite Drive Suite 120
Milpitas, CA 95035 USA

-----Original Message-----
From: Paul Hoffman [] 
Sent: Saturday, January 25, 2014 11:35 AM
To: Michael Hammer
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

On Jan 25, 2014, at 8:16 AM, Michael Hammer <>

> So, if you mix a non-random input with a random input, using a 
> deterministic algorithm, the output will be more random?
> That doesn't seem right to me.

That's because it is not right for many reasons. To start, you haven't
defined "non-random" and "more random".

A better description:

Value A has X bits that cannot be known to adversary M. Value B has Y bits
that cannot be known to M.

Securely mixing A and B into a value C whose length is greater than or equal
to (X + Y) will result in C having (X + Y) bits that cannot be known by M.
If C's length is less than (A + B), every bit in C cannot be known by M.

In your question above, the fact that B might be 0 is irrelevant to the

--Paul Hoffman
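The two claims in this exchange, Paul's "securely mixing A and B gives C with X + Y unknown bits (or every bit of C unknown if C is shorter)" and Michael's worry that a combiner can collapse B onto a small subset that M brute-forces, can both be checked exhaustively for small widths. The following is an added example for this thread, not code from the list or from either poster; the combiner names, the 4-bit widths and the choice of SHA-256 as the "secure" mixer are its own assumptions. It enumerates every (A, B) pair, runs them through a combiner, and reports how many bits of C an adversary who knows the algorithm but not A or B still has to guess (min-entropy, i.e. the guessing-attack measure).

```python
# Added example (not from the dsfjdssdfsd thread): exhaustively measure how
# much of the unknown input an adversary M still has to guess after mixing.
# Function names and the 4-bit input widths are this example's own choices.
import hashlib
import math
from collections import Counter
from itertools import product


def min_entropy_bits(outputs):
    """-log2(probability of the most likely output).

    This is the right measure for brute force: if one value of C occurs for
    a large fraction of (A, B) pairs, M tries that value first, no matter
    how many distinct outputs exist in total.
    """
    counts = Counter(outputs)
    return -math.log2(max(counts.values()) / len(outputs))


def mask(value, out_bits):
    """Truncate to an out_bits-wide C."""
    return value & ((1 << out_bits) - 1)


def mix_concat(a, b, y_bits, out_bits):
    """Injective when out_bits >= x_bits + y_bits: C keeps every unknown bit."""
    return mask((a << y_bits) | b, out_bits)


def mix_hash(a, b, y_bits, out_bits):
    """What a real entropy pool does: hash fixed-width fields (so A and B can
    never overlap), then truncate to the requested width (SHA-256 assumed)."""
    data = a.to_bytes(4, "big") + b.to_bytes(4, "big")
    return mask(int.from_bytes(hashlib.sha256(data).digest(), "big"), out_bits)


def mix_xor(a, b, y_bits, out_bits):
    """XOR of equal-length inputs yields max(X, Y) bits, not X + Y: a longer
    C does not help because the combiner already threw the extra bits away."""
    return mask(a ^ b, out_bits)


def mix_and(a, b, y_bits, out_bits):
    """A bad combiner: AND piles most (A, B) pairs onto C = 0."""
    return mask(a & b, out_bits)


def mix_product(a, b, y_bits, out_bits):
    """A bad combiner: (A * B) mod 2^n is biased toward 0 and a few low
    values, since every factor of two in A or B becomes a factor of two in
    C.  This is the 'converging on a small subset of keys' failure."""
    return mask(a * b, out_bits)


def survey(combiner, x_bits, y_bits, out_bits):
    """Return (number of distinct C values, min-entropy of C in bits) over
    all 2^x_bits * 2^y_bits inputs."""
    outputs = [combiner(a, b, y_bits, out_bits)
               for a, b in product(range(1 << x_bits), range(1 << y_bits))]
    return len(set(outputs)), min_entropy_bits(outputs)


if __name__ == "__main__":
    X = Y = 4                       # A has 4 unknown bits, B has 4
    for name, f, out_bits in [
        ("concat  (C 8 bits wide) ", mix_concat, 8),
        ("sha256  (C 64 bits wide)", mix_hash, 64),
        ("sha256  (C 4 bits wide) ", mix_hash, 4),
        ("xor     (C 8 bits wide) ", mix_xor, 8),
        ("and     (C 8 bits wide) ", mix_and, 8),
        ("product (C 4 bits wide) ", mix_product, 4),
    ]:
        distinct, h = survey(f, X, Y, out_bits)
        print(f"{name}: {distinct:3d} distinct values, {h:.2f} bits M must guess")
```

With X = Y = 4, concatenation and the 64-bit hash both leave M with exactly 8 bits to guess (Paul's "length greater than or equal to X + Y" case), while the hash truncated to 4 bits leaves roughly 4, every output bit unknown (his "length less than" case). XOR caps at 4 bits regardless of how wide C is, AND leaves under 2 bits because C = 0 for 81 of the 256 pairs, and the product combiner leaves under 3 because C = 0 for 48 pairs: the collapse Michael describes, visible before any paper has to report it.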