[Cryptography] Checking for the inadvertent use of test keys

Christian Huitema huitema at huitema.net
Thu Sep 3 18:22:18 EDT 2015


> On Thu, 9/3/15, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>
>  So for now I've left things at the ad-hoc level, checking
>  for ASCII strings,
>  strings where value n+1 differs from value n by a small
>  amount, that sort of
>  thing.  It's not meant to be a bulletproof test, just
>  something to ask the
>  user "are you sure this is what's meant to be used as a
>  key".

You could consider using machine learning. Get a good sized sample of test keys, an equal size sample of no test keys, constraint the learning enough so that it does not simply enumerate the test keys, and you would get a nice little classifier that would tell you whether to trigger the question.

-- Christian Huitema





More information about the cryptography mailing list