The best a computer can do is generate a pseudorandom sequence which, although it looks random, is in fact not. The period of a pseudorandom sequence must be long enough that the subsequence actually used is aperiodic, i.e. has a period equal to its own length. For example, if you need a string of a million random bits, you should not generate it with a generator that repeats every 65536 bits.
A pseudorandom bit sequence should, as far as possible, be indistinguishable from a truly random one. The number of ones must approximately equal the number of zeros, and half of all runs (stretches of consecutive identical bits) must have length 1, one fourth length 2, one eighth length 4, and so on. Beyond these, there are a number of other generally accepted tests for checking whether a given sequence really is pseudorandom.
Quite a lot of attention has been paid in mathematics to building good pseudorandom sequence generators. At present it is possible to generate sequences with a period of about 2000-3000 bits. The problem is that under certain conditions every pseudorandom sequence generator produces predictable output and correlations, and this is exactly what a cryptanalyst looks for in pseudorandom sequences in order to mount an effective attack on the cryptosystems that use them.
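As an added illustration of the tests described above (this is not code from the original text), the following Python script measures the balance of ones and zeros, the run-length distribution and the period of a bit sequence, and compares output of the operating system's cryptographic generator with a constructed generator that repeats every four bits. It generalises the run rule in the text: for a random sequence the fraction of runs of length k is about 2^-k.

```python
import secrets
from collections import Counter

def random_bits(n):
    """n bits from the OS CSPRNG (the secrets module) as a string of '0'/'1'."""
    return "".join(format(b, "08b") for b in secrets.token_bytes((n + 7) // 8))[:n]

def repeating_bits(pattern, n):
    """A generator with a short period: the constructed pattern simply repeats."""
    return (pattern * (n // len(pattern) + 1))[:n]

def smallest_period(bits):
    """Smallest p <= n/2 with bits[i] == bits[i+p] for all i, or n if there is none
    (a sequence whose period equals its length is aperiodic in the text's sense)."""
    n = len(bits)
    for p in range(1, n // 2 + 1):
        if bits[p:] == bits[:n - p]:
            return p
    return n

def run_lengths(bits):
    """Lengths of the maximal runs of identical bits (the text's 'strips')."""
    runs, cur = [], 1
    for prev, nxt in zip(bits, bits[1:]):
        if prev == nxt:
            cur += 1
        else:
            runs.append(cur)
            cur = 1
    runs.append(cur)
    return runs

def bit_stats(bits, max_run=4):
    """Fraction of ones and fraction of runs of each length 1..max_run.
    For a random sequence expect about 0.5 and about 2**-k respectively."""
    runs = run_lengths(bits)
    counts = Counter(runs)
    return {
        "ones": bits.count("1") / len(bits),
        "runs": {k: counts[k] / len(runs) for k in range(1, max_run + 1)},
    }

if __name__ == "__main__":
    for name, seq in [("csprng", random_bits(65536)), ("repeating", repeating_bits("0011", 65536))]:
        print(name, bit_stats(seq), "period:", smallest_period(seq[:4096]))
```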
Cryptographically secure pseudorandom sequences
In cryptography, pseudorandom sequences are held to far stricter requirements than merely having certain attributes of statistical randomness. For a pseudorandom sequence to be cryptographically secure it must be unpredictable: for a cryptographically secure pseudorandom bit sequence it must be impossible to say in advance what its next bit will be, even knowing the generating algorithm and all of the preceding bits. Like any cryptographic algorithm, a cryptographically secure pseudorandom sequence generator can be attacked and broken by a cryptanalyst; cryptography teaches how to make such generators resistant to cryptanalytic attacks of various types.
Truly random sequences
A sequence is called truly random if it cannot be reproduced: running a truly random sequence generator twice with the same input yields two different random sequences. The main difficulty is being able to distinguish a random sequence from a non-random one. If we encrypt a character string several times with a cryptographic algorithm conforming to GOST 28147-89, we obtain a sequence that looks truly random. To prove that it is not random, there is no way other than to rent the appropriate computing power and a cracking program from the NSA. It is unlikely, however, that your rental request would be taken seriously there.
When the sender himself chooses the key with which he encrypts his messages, his choice usually leaves much to be desired. For example, Pyotr Sergeyevich Ivanov would rather use Ivanov than 7)g* as a key. It is not that he is unwilling to observe elementary security rules; he simply remembers his surname much better than an abracadabra of six arbitrarily chosen symbols. But even the world's strongest encryption algorithm will not help him keep his correspondence secret, especially if the keys Ivanov uses are always the names of his immediate family members and he writes those keys down on scraps of paper stuck to his computer. In a well-organized brute-force attack, a qualified cryptanalyst will not try all the keys one by one. He will first test those that mean something to Ivanov. This type of brute-force attack is called a dictionary attack, since the adversary works from a dictionary of the most likely keys. This dictionary usually includes:
A good key is a random bit vector. For example, if its length is 56 bits, this means that the generation process can produce any of the 2^56 possible keys with equal probability. The source of random keys is usually either a natural random process (a good analogy is a small child who has just learned to walk: the intervals between its falls are completely random) or a cryptographically secure pseudorandom bit sequence generator. It is better if key generation is automated. If there is no computer at hand to run a pseudorandom generator, and your child is long out of infancy, you can toss a coin or roll a die.
Using a good random number generator is very important when generating cryptographic keys, but there is no need for endless debate about which one is "more random". It matters more to use strong encryption algorithms and sound key handling procedures. If you have doubts about the randomness of a chosen key, you can use one of the key generation methods described later in this chapter.
In all encryption algorithms there are so-called weak keys: some keys of the cipher are less strong than others. When generating keys, therefore, they have to be tested automatically for weakness, and new keys generated to replace any that fail the test. For example, DES has only 24 weak keys out of a total of 2^56, so the probability of stumbling on a weak key is negligible. Moreover, how would a cryptanalyst know that a particular message or file was encrypted with a weak key? And deliberately refusing to use weak keys gives an adversary additional information about your encryption system, which is undesirable. On the other hand, checking keys for weakness is simple enough that there is no reason not to do it.
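An added example, not from the original text, of the automatic weak-key check the text calls for, written for DES: the key is passed through the PC-1 permutation of the DES key schedule, and a key is rejected when both 28-bit halves are constant (the weak keys, whose 16 round subkeys are all identical) or alternating (the semi-weak keys, which yield only two distinct subkeys). The generator draws candidate keys from the operating system's random source, as the text recommends, and retries when a check fails.

```python
import secrets

# PC-1, the first permutation of the DES key schedule: it drops the 8 parity bits
# (every 8th bit) and orders the remaining 56 bits into the halves C0 and D0.
# Bits are numbered 1..64 from the most significant bit of the 8-byte key.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2,
       59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39,
       31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37,
       29, 21, 13, 5, 28, 20, 12, 4]

ALL_ONES = (1 << 28) - 1
CONSTANT = {0, ALL_ONES}                 # halves unchanged by every rotation
ALTERNATING = {0x5555555, 0xAAAAAAA}     # halves that return after two rotations

def pc1_halves(key: bytes):
    """Apply PC-1 to an 8-byte DES key and return the 28-bit halves (C0, D0)."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    k = int.from_bytes(key, "big")
    bits = [(k >> (64 - i)) & 1 for i in PC1]
    c = int("".join(map(str, bits[:28])), 2)
    d = int("".join(map(str, bits[28:])), 2)
    return c, d

def is_weak_des_key(key: bytes) -> bool:
    """True for the 4 weak keys (both halves constant: all 16 subkeys identical) and
    the 12 semi-weak keys (halves constant or alternating: only 2 distinct subkeys)."""
    c, d = pc1_halves(key)
    suspect = CONSTANT | ALTERNATING
    return c in suspect and d in suspect

def with_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so the byte has odd parity (the DES convention)."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in key)

def generate_des_key() -> bytes:
    """Draw keys from the OS random source; discard any that fail the weakness test."""
    while True:
        key = with_odd_parity(secrets.token_bytes(8))
        if not is_weak_des_key(key):
            return key

if __name__ == "__main__":
    for hexkey in ("0101010101010101", "E0E0E0E0F1F1F1F1", "133457799BBCDFF1"):
        print(hexkey, "weak" if is_weak_des_key(bytes.fromhex(hexkey)) else "ok")
    print("fresh key:", generate_des_key().hex())
```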
Generating public keys is much more difficult than generating secret keys, since public keys must have certain mathematical properties (e.g., they must be the product of two prime numbers).
Using random keys is not always convenient. Sometimes a key must be kept in one's head, and 36f9 67aZ f9cb d931 is not easy for a person to remember. In that case you can use a rule that is obvious to you but inaccessible to an outsider. Two variants of such a rule:
Compose the key from several words separated by punctuation marks. For example, keys like YankeeGo home are very easy to remember.
Use as the key a combination of letters abbreviated from a longer word. For example, the catchy name of the German wine Liebenfraumilch yields the key Lbnfrmlch! by discarding the vowels and adding an exclamation point.
Passphrase
A more attractive approach is to use, instead of a single word, a fairly long and easy-to-remember sentence in Russian, English or another language, which is then converted into a key. In cryptography such an expression is called a passphrase. Any one-way hash function can be used to convert a passphrase into a pseudorandom key of bits.
The passphrase should be long enough for the resulting key to be random. From information theory we know that each letter of an English sentence carries approximately 1.3 bits of information, so to obtain a 64-bit key the passphrase should contain about 49 letters, which corresponds to an English phrase of about 10 words.
The passphrase must be easy to recall when needed and at the same time sufficiently unique. A quotation from Kozma Prutkov that everyone knows is unlikely to work, because his works are available in machine-readable form and can therefore be used in a dictionary attack. It is better to take the work of a little-known poet or playwright and quote it with mistakes. A greater effect is achieved if the quotation used to generate the key contains foreign words. Plain swear words are ideal for this purpose: you don't have to write them down to memorize them. Just hit yourself with a hammer and the passphrase comes to mind by itself. You only have to restrain yourself from saying it out loud so that strangers don't overhear it.
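An added example (not from the original text) of the passphrase-to-key conversion and the 1.3 bits-per-letter budget: SHA-256 stands in for the one-way hash function, and the entropy estimate applies the text's rule of thumb to the letter count rather than measuring anything.

```python
import hashlib

BITS_PER_LETTER = 1.3   # the text's information-theory estimate for English prose

def passphrase_to_key(passphrase: str, key_bits: int = 64) -> bytes:
    """Convert a passphrase into a key of key_bits bits with a one-way hash.
    SHA-256 is used here; the text allows any one-way hash function."""
    if key_bits % 8 or key_bits > 256:
        raise ValueError("key_bits must be a multiple of 8 and at most 256")
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return digest[: key_bits // 8]

def letters_needed(key_bits: int) -> int:
    """Rough number of letters a passphrase needs to carry key_bits of entropy."""
    return round(key_bits / BITS_PER_LETTER)

def estimate_entropy_bits(passphrase: str) -> float:
    """Entropy estimate from the letter count alone (digits and punctuation are
    ignored, so the estimate is conservative for mixed passphrases)."""
    letters = sum(ch.isalpha() for ch in passphrase)
    return round(letters * BITS_PER_LETTER, 1)

def passphrase_is_long_enough(passphrase: str, key_bits: int = 64) -> bool:
    """Reject passphrases whose estimated entropy is below the key size."""
    return estimate_entropy_bits(passphrase) >= key_bits

if __name__ == "__main__":
    phrase = "Yankee go home"   # constructed sample, far too short for a 64-bit key
    print(letters_needed(64), estimate_entropy_bits(phrase), passphrase_is_long_enough(phrase))
    print(passphrase_to_key(phrase).hex())
```

In current practice the plain hash would be replaced by a deliberately slow key-derivation function such as hashlib.pbkdf2_hmac or hashlib.scrypt, which raises the cost of the dictionary attack described above.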