
Homework 7 How to generate high-quality true randomness by hand



  1. Homework 7 How to generate high-quality true randomness by hand (Proposed by Arnold G. Reinhold) Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen(陳怡靜) 92321527

  2. Motive • Generating randomness by computer offers numerous opportunities for error and attack. • Simple dice present an attractive alternative if used properly. • This paper presents a number of techniques for using dice in conjunction with modern cryptographic software. Random number generator

  3. Introduction • PGP (Pretty Good Privacy) provides secure authentication and encryption services for e-mail and file storage applications. • Many PGP users choose weak passphrases. • For users adopting stronger passphrases, Reinhold has developed the Diceware Passphrase Generator. • Diceware Passphrase • a simple technique for creating short, memorable passphrases that are highly secure. • requires no computer hardware or software.

  4. Diceware Passphrase • The Diceware Passphrase Generator is a word list indexed so that words can be randomly selected by tossing five dice. • The list contains 7776 (= 6^5) short English words, abbreviations and easy-to-remember character strings. • Example

  5. Word List • If you roll five dice and they come up 2, 1, 1, 1, 3, your next passphrase word would be "cliff". • A printed copy of the word list • Format the word list with 4 columns and 54 lines per page (6^3 = 4 × 54). You will get a neat, 36-page printout in which the first two dice throws are constant for each page. • How long should the passphrase be? • Reinhold would recommend a five-word passphrase for use with PGP, ViaCrypt and similar encryption programs. • In general, a four- to six-word passphrase will provide protection.

  6. Word List • The list can also be used to generate login passwords for multi-user computer services by just concatenating two words. • Reinhold recommends adding a random special character between the words, for example "dobbs(heron".

  7. Why Diceware? • The random word selection process was proposed by Peter Kwangjun Suk. • It could be done by computer when Suk posted his word list. • The source code must undergo public review and the object programs have to be distributed in a trustworthy way. • Most users will not bother to authenticate their copy even though it could easily have been doctored to produce predictable passphrases. • Any password-generating program is subject to a whole range of electronic attacks even after a verified copy has been installed on a user's machine.

  8. Why Diceware? • Diceware approach • tamperproof, easy to understand, platform independent, immune from electronic attack and cryptographically strong.

  9. Construction of the Diceware Passphrase Generator • Suk's original list had 10760 entries. • Reinhold added some more 3- and 4-character sequences that are easy to remember, like "300" and "aaaa", and then trimmed the list to 7776 entries by deleting all but about one in seven of Suk's 3796 six-character words. • The list contains 7776 (= 6^5) short English words, abbreviations and easy-to-remember character strings. • The average length of each word is about 4.2 characters. The longest words are six characters.

  10. Construction of the Diceware Passphrase Generator • The list was alphabetized using Microsoft Excel, which sorts pure numbers ahead of mixed alphanumeric strings. Numerics and special characters were moved to the end of the list. • The index values are all the five-digit base-6 numbers, but with the digits running from 1 to 6 to match dice markings.

  11. Analysis of the Diceware Passphrase Generator’s Security • Reinhold’s word list • Selecting a word at random from the resulting list has an entropy value of 8.96 (= log2 7776) bits. • The average length of each word is 4.239 characters. • A passphrase generated from this list will average an entropy of 2.11 (= 12.92/4.239) bits per character, not counting the spaces between words. • Suk's original list • 9.28 bits of entropy per word • The average word length was 4.77 characters • 1.95 bits of entropy per character

  12. Tampering with the Diceware Generator • The Diceware Generator word list is inherently tamper proof. • The possible tampering is to shorten it or to introduce numerous duplicate entries. • Since the entries are numbered and are in alphabetical order, it is easy to detect any such irregularities. When you select a word, check to make sure it is in the proper alphabetical order and is not a duplicate.

  13. Diceware Tables for Generating Routing Strings • Table 1. Alphanumeric characters • Roll a pair of dice and look up each roll in the appropriate table. • Example • A roll where the left die is 4 and the right die is 2 results in the letter "T".

  14. Diceware Tables for Generating Routing Strings • Table 2. Decimal numbers • * = roll again

  15. Diceware Tables for Generating Routing Strings • Table 3. Hexadecimal numbers • * = roll again

  16. Diceware Tables for Generating Routing Strings • Table 4. Syllables (Use three dice)

  17. Diceware Tables for Generating Routing Strings • Table 5. Special characters

  18. Diceware Tables for Generating Routing Strings • Table 6. Random numbers from 1 to 36 If you need random numbers in a smaller range, just roll again when a number outside your range comes up. For numbers in the range 1 to 216, roll three dice and use this formula: Left die + 6(Middle die - 1) + 36(Right die - 1)
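The three-dice formula and the "roll again" rule from slide 18, as an added example that is not part of the original presentation. The function names are assumptions, and the modulo shortcut is included only as a contrast to show why out-of-range rolls are discarded rather than folded back into the range.

```python
from collections import Counter
from itertools import product

def three_dice_value(left, middle, right):
    """Slide formula: Left + 6(Middle - 1) + 36(Right - 1), giving 1..216."""
    for d in (left, middle, right):
        if d not in range(1, 7):
            raise ValueError("each die must show 1..6")
    return left + 6 * (middle - 1) + 36 * (right - 1)

def draw_in_range(n, rolls):
    """First value in 1..n from successive (left, middle, right) rolls.

    Values above n are discarded ("roll again"). Returns (value, rolls_used).
    """
    if not 1 <= n <= 216:
        raise ValueError("three dice cover 1..216 only")
    for used, roll in enumerate(rolls, start=1):
        value = three_dice_value(*roll)
        if value <= n:
            return value, used
    raise ValueError("every supplied roll was out of range; roll again")

def outcome_counts(n, reduce_modulo):
    """How many of the 216 equally likely rolls land on each value in 1..n."""
    counts = Counter()
    for roll in product(range(1, 7), repeat=3):
        value = three_dice_value(*roll)
        if reduce_modulo:
            counts[(value - 1) % n + 1] += 1  # shortcut: fold high values back
        elif value <= n:
            counts[value] += 1                # slide's rule: reject and roll again
    return counts

if __name__ == "__main__":
    # Constructed hand rolls: the first is out of range for n = 100.
    print(draw_in_range(100, [(6, 6, 6), (4, 2, 1)]))
    print(sorted(set(outcome_counts(100, reduce_modulo=False).values())))
    print(sorted(set(outcome_counts(100, reduce_modulo=True).values())))
```

With rejection every value in 1..100 is reached by exactly one roll; with the modulo shortcut the values 1 to 16 are reached by three rolls and the rest by two, so low numbers become more likely.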
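The index scheme from slide 10 and the tamper checks from slide 12 (shortened list, duplicate entries, broken alphabetical order), as an added example that is not part of the original presentation. The function names are assumptions, and the word list is a constructed stand-in of 7776 sorted strings, not the real Diceware list; the order check covers only purely alphabetic entries because the slides state that numerics and special characters were moved to the end.

```python
from itertools import product

LIST_SIZE = 6 ** 5  # 7776 entries, one per five-dice outcome

def dice_key(position):
    """Five-digit base-6 index for a 0-based position, digits running 1..6."""
    digits = []
    for _ in range(5):
        position, d = divmod(position, 6)
        digits.append(str(d + 1))
    return "".join(reversed(digits))

def position_of(rolls):
    """0-based list position for five dice values in the order rolled."""
    if len(rolls) != 5 or not all(1 <= r <= 6 for r in rolls):
        raise ValueError("need exactly five dice values in 1..6")
    return sum((r - 1) * 6 ** (4 - i) for i, r in enumerate(rolls))

def check_wordlist(entries):
    """Return irregularities found in [(key, word), ...]; empty means none."""
    problems = []
    if len(entries) != LIST_SIZE:
        problems.append(f"expected {LIST_SIZE} entries, found {len(entries)}")
    seen, prev_alpha, key_ok = {}, None, True
    for pos, (key, word) in enumerate(entries):
        if key_ok and key != dice_key(pos):  # report only the first gap
            problems.append(f"index {key} at position {pos}, expected {dice_key(pos)}")
            key_ok = False
        if word in seen:
            problems.append(f"{key} duplicates {seen[word]}: {word!r}")
        seen.setdefault(word, key)
        if word.isalpha():
            if prev_alpha is not None and word < prev_alpha:
                problems.append(f"{key} out of alphabetical order: {word!r} after {prev_alpha!r}")
            prev_alpha = word
    return problems

def constructed_list():
    """Stand-in list: all five-letter strings over 'abcdef', already sorted."""
    words = ["".join(p) for p in product("abcdef", repeat=5)]
    return [(dice_key(i), w) for i, w in enumerate(words)]

if __name__ == "__main__":
    good = constructed_list()
    i = position_of([2, 1, 1, 1, 3])
    bad = good[:i] + [(dice_key(i), "aaaaa")] + good[i + 1:]  # planted duplicate
    print(check_wordlist(good), check_wordlist(bad), sep="\n")
```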
