[Cryptography] Entropy Needed for SSH Keys?

David Johnston dj at deadhat.com
Mon May 23 00:13:20 EDT 2016


On 5/22/16 6:18 PM, Kent Borg wrote:

> Dammit, I can neither remember nor find that quote about how using a 
> deterministic process to make up random numbers is against nature, or 
> grace, or the universe. Like I say, I can't find it.

While I'm gainfully employed as an RNG designer and general crypto 
security person, I hold the opinion that ignorance beats entropy.

In one sense, ignorance of the state of a system can be equated to that 
system having entropy relative to the thing that is ignorant of the 
state of the system.

However, we tend to think of entropy as being an intrinsic thing, arising 
from underlying quantum uncertainty, rather than a relative thing.

However, we know we don't have a complete understanding of quantum 
physics or quantum uncertainty, whereas we know all about ignorance. You 
can rely on ignorance. If someone is ignorant of your key, the key works 
just fine in a crypto system that is intended to prevent that person 
undermining security in some way.

Deterministic processes are just fine at taking samples from a complex 
system and turning them into a state that is hard to predict. While having 
'full entropy' numbers that therefore have no algorithmic connection 
between them is a fine thing for random numbers, the whole concept of 
full entropy comes from the assumption that the randomness of quantum 
uncertainty is a real thing. If not, if the rules of the universe are 
actually deterministic, then we have to fall back on ignorance of the 
state of complex systems in order to create unpredictable numbers.

So in that sense, ignorance beats quantum uncertainty. You can rely on 
ignorance, but have to trust the assumption that quantum uncertainty is 
real.

If you make your crypto system such that it's secure providing either 
one of ignorance of a complex system state or quantum uncertainty is 
true, then the assumptions on which the security of the system is based 
will be more robust.

DJ
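
The design principle in the last paragraph, as an added example that is not part of the original post: a seed built from two sources stays unpredictable as long as an attacker is ignorant of either one. The function names, labels and the timing-jitter source are assumptions made for illustration, and the argument assumes the sources are independent and that HMAC-SHA-256 acts as a good extractor.

```python
import hashlib
import hmac
import os
import time


def sample_system_state(rounds=256):
    """Deterministically condense samples of a complex system (here the
    timing jitter of the running machine) into 32 bytes. Illustrative only."""
    h = hashlib.sha256()
    for _ in range(rounds):
        h.update(time.perf_counter_ns().to_bytes(8, "little"))
    return h.digest()


def _frame(label, data):
    # Length-prefix label and data so ("ab", b"c") and ("a", b"bc") cannot collide.
    return (len(label).to_bytes(2, "big") + label
            + len(data).to_bytes(4, "big") + data)


def combine(sources, out_len=32):
    """Mix all named sources into one seed (HKDF-style extract then expand).
    Predicting the output requires knowing every input, not just one."""
    if not sources:
        raise ValueError("at least one source is required")
    if not 0 < out_len <= 255 * 32:
        raise ValueError("out_len out of range")
    ikm = b"".join(_frame(n.encode(), d) for n, d in sorted(sources.items()))
    # Extract: fixed, public salt (constructed label for this example).
    prk = hmac.new(b"example-combiner-v1", ikm, hashlib.sha256).digest()
    # Expand: chained HMAC blocks with a one-byte counter.
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(prk, block + b"seed" + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:out_len]


def make_seed():
    # One source trusted for "real" randomness, one for attacker ignorance.
    return combine({"os_rng": os.urandom(32),
                    "system_state": sample_system_state()})


if __name__ == "__main__":
    print(make_seed().hex())
```
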



