[Cryptography] Very best practice for RSA key generation

Jon Callas jon at callas.org
Tue Nov 5 12:58:24 EST 2019



> On Nov 4, 2019, at 10:26 PM, Christian Huitema <huitema at huitema.net> wrote:
> 
> 
> On 11/4/2019 5:58 PM, Jon Callas wrote:
>> It's certainly possible to take that basic format and further make it easier. As an obvious example, you typed "Correct Horse Battery Staple" and it's obvious that "correct horse battery staple" is also valid. There's no reason why we can't accept reasonable typos or alternates such as "verum equus altilium stapulae" or "correct cheval batterie agrafe" or even "正确 马 电池 主食" as each of those is just a different encoding of four fifteen bit integers.
> 
> Pushing your luck, are you? Matching a list of 32K words in different
> languages is going to be fraught with synonyms, homonyms and the like.
> Just to take your example, "batterie" in French is a rechargeable
> battery, while the Duracell battery is "une pile" -- which is also a
> pile. And then, I am not sure that there are 32K commonly used words in
> French, which might introduce interesting issues.

Perhaps I lost the larger point in the rhetorical flourish, or perhaps I didn't go far enough.

The larger point is that we have a shared secret with some security value. Then we have an encoding of that secret. I picked 60 bits, and let's run with that because 60 is a nice number. That's 15 hex digits, or for a word passphrase, N words. If the list is 15 bits long, we need four words. We could do five words from a list 4096 long. Or six from a list 1024 long. 

We have no idea what the best thing to do there would be. The intuition that less typing is more reliable is questionable -- assuming you agree with my assertion that four words is *easier* than fifteen hex digits. It might be that words from a larger list (and thus more unusual) might be more memorable than more commonly used words. Or it might not. We don't know. That's a lot of what James and I were talking about.

I was adding to that that you might be able to add error correction to the typing task, and make the human's job easier. On a simple case of that, the sorts of error correction we get all the time can fix things. If I mistype the word "weird" (which is weird because it breaks the I-before-E rule of thumb) transposing I and E, the system knows what I meant. (And as a matter of fact, when I intentionally typed that misspelling here, it autocorrected.)

You could, for example, error correct "la pile" and "batterie" in French, but not error correct "cell" and "battery" in English. When I picked the Chinese words, the word for "staple" I picked was staple in the sense of a food, not staple in the sense of a metal thing you bind paper together with. 

Popping back to the larger point, a less efficient coding of a shared secret allows for assistive software. That assistive software can and should adapt to the human based on culture, language, etc. (As a side point, when I naively translated "correct horse battery staple" into French, the software I used considered "correct" to be an adjective modifying "horse battery staple" and threw it to the end of the words. This tells me that perhaps "correct" isn't a good thing to put in the French word list, as people are likely to misremember similarly.) So what we need is research, testing, and above all, some creative thinking from an interdisciplinary group, not just mathematicians doing coding.

	Jon
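To make the coding trade-off above concrete, here is an added Python example (not from the thread or its authors) that encodes a 60-bit secret as words drawn from a power-of-two word list, computes how many words each list size needs, and decodes typed words back while accepting a typo only when exactly one list word is within one edit. The 16-word list is constructed for illustration.

```python
"""Word encoding of a fixed-width secret with cautious typo correction (added example)."""

# Constructed 16-word list (4 bits per word); any power-of-two list works.
WORDS = ["apple", "banana", "cherry", "dragon", "eagle", "forest", "guitar", "hammer",
         "island", "jungle", "kettle", "lemon", "monkey", "needle", "orange", "pencil"]

def bits_per_word(list_size: int) -> int:
    b = list_size.bit_length() - 1
    if 1 << b != list_size:
        raise ValueError("word list size must be a power of two")
    return b

def words_needed(list_size: int, nbits: int = 60) -> int:
    return -(-nbits // bits_per_word(list_size))  # ceiling division

def encode(secret: int, wordlist: list[str], nbits: int = 60) -> list[str]:
    b, n = bits_per_word(len(wordlist)), words_needed(len(wordlist), nbits)
    if not 0 <= secret < (1 << nbits):
        raise ValueError("secret does not fit in nbits")
    mask = (1 << b) - 1
    # Most significant chunk first; the first chunk absorbs any padding bits.
    return [wordlist[(secret >> (b * (n - 1 - i))) & mask] for i in range(n)]

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1): d[i][0] = i
    for j in range(len(b) + 1): d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "wierd" -> "weird"
    return d[len(a)][len(b)]

def correct(typed: str, wordlist: list[str]) -> str:
    """Normalise case; fix a one-edit typo only if the candidate is unambiguous."""
    t = typed.strip().lower()
    if t in wordlist:
        return t
    near = [w for w in wordlist if osa_distance(t, w) == 1]
    if len(near) != 1:
        raise ValueError(f"unrecognised or ambiguous word: {typed!r}")
    return near[0]

def decode(typed: list[str], wordlist: list[str], nbits: int = 60) -> int:
    b, index = bits_per_word(len(wordlist)), {w: i for i, w in enumerate(wordlist)}
    value = 0
    for t in typed:
        value = (value << b) | index[correct(t, wordlist)]
    if value >= (1 << nbits):
        raise ValueError("decoded value exceeds nbits")
    return value
```

Synonyms such as "cell" and "battery" are deliberately not corrected: the code only repairs single-edit slips, which is the kind of assistance the redundant encoding makes safe.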


