Peter: I do not know what the other people on this mailing list believe, but it seems that you are looking for some level of validation in using the shortcuts you insist on implementing. Now I for one, do not care if you employ the methodologies you speak of (using your brain to generate random characters), because I do not believe that I care if your data is safe, since its yours and not mine. However, in terms of facts, it is clear that the brain is not a valid random character generator as juxtaposed against /dev/random or other devices; no matter what you argue or think, that is demonstrated by theological, statistical, and physics theory depending whom you ask. The fact that you think your thoughts are random does not make them random. As I explained earlier, if you take the Wall Street Journal use the 3 verb from the first article in the first column everyday, that word will appear random, but once we see the word is taken from as an article (imposing a segment of order in and of itself), then the word is not random. So to are our thoughts, and individual thought may appear random from day to day, or hour to hour, but the overall morality and rules by which we live, supersede that randomness and apply order to it (i.e. you live by certain rules, like never stealing, raping, pillaging, or drinking liquid you know to be radioactive). Now since your data is your data, you may protect it (or not as the case may be) in anyway you choose, and our validation of your methods is not required for you to do so. Matter of fact I am giving you my permission to use your own methods of generating random characters with your brain, if it makes you feel any better. Yet, I do think that if you feel you are going to provide some sort of argument for the brain being a random character generator of any validity beyond those known to be higher level random character generators, you are stuck presenting factual based evidence to outweigh the already immense level of statistical data evidencing the contrary to your belief. You have not yet to date presented any such evidentiary material to contradict the position supported by scientists, theologians, and physicists worldwide. Presuming for a moment that you desire to be more of an "appliance operator" than "technical operator" when it comes to crypto, that is fine. But, crypto has (and most likely always will be) more of a "roll your own" sort of issue. There is no right or wrong way to choose a pass phrase, only a more secure or less secure method. Your methods tend to lean in the direction of being less secure, which as I have stated is fine if that meets your own requirements. But, if you want the warm and fuzzy of knowing you have created a crypto position with respect to your data which is very strong, you are misleading yourself if you believe what you are about to do is secure in a strong manner. Very Respectfully, Stuart Blake Tener, IT3, USNR-R, N3GWG VTU 1904G (Volunteer Training Unit) stuart@xxxxxxxxxxx west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Sunday, July 08, 2001 4:27 PM -----Original Message----- From: peter k. [mailto:spam-goes-to-dev-null@xxxxxxx] Sent: Sunday, July 08, 2001 6:24 AM To: stuart@xxxxxxxxxxx Cc: linux-crypto@xxxxxxxxxxxx Subject: Re: Announce loop-AES-v1.3b file crypto package > It is not random, because, people cannot have random thoughts. The Zohar > (the text on Jewish mysticism) says we receive only thoughts, which will > help us correct ourselves into better people, or do a job to help others > around us correct themselves. Thus, nothing we think or do is random, but is > programmed for our own correction we must work to achieve in each lifetime > as inscribed by G-D. your brain is a bunch of billiards of neurons which work together in a huge biochemical reaction, there is much randomness (note that its not the main part, otherwise you couldnt be intelligent) because its a reaction between so many parts > However, events (not thoughts) have much more random nature to them. While > even events (from G-Ds view) are not random, to use their sequence and > placement seems so, providing a level of randomness sufficient for the > purposes at hand. However, according to Kabbalah (Jewish Mysticism, and the > "new" physics), there is no randomness in the world at all. The new physics > says that it was a random strike of lightening which first created life, > but, how can we say life's creation (a monumentus occasion in world history) > could have been random if we believe in g-d? i do not believe in god, sorry but nobody managed to prove its existence yet while we have already lots of proves for the big bang [i could mention *lots* of arguments againts the existence of 'god' but this shouldnt get a religious discussion] > Therefore, it is the appearance of randomness we are looking for, and such > appearance needs to come from events so unrelated that we cannot access the > attributes to "de randomize" their reconnection. Thus if you pick the 3rd > verb printed in the front page of the wall street journal every day, the 9th > adjective, and the 20th preposition, they are so unrelated that we presume > them random. Yet in fact, those words are not random, they are part of an > order (the article we are reading) which is unrelated to the more grand > random nature we see in picking those words. So to are our thoughts, when > you think our thoughts are random, your are not viewing them from G-Ds view. > Since G-Ds work is far less random than the words appearing in the Wall > Street Journal, do you think it safe to use human thought to protect your > data? thats the same process i use to generate random characters using my brain, i pick each letter randomly out of my thoughts but its better because you cant read my brain if you know that my passphrases came from there like you can do with the wallstreet journal > Remember, we have power and ability beyond even our own comprehension. So, > if you randomly picked 5 numbers every day, after a year, you would see a > pattern. One which you didn't even realize, but was always there. Our brains > can do things we don't realize, and that is at the influence of G-D. We are > not good randomization engines. well, searching for patterns in random numbers created by a human over a year is a good idea, but i still dont think that you would find any patterns which would allow you to predict the next random number you would generate as you have different thoughts every day, hour, even evey second which are influenced by the randomness of your brain and by everything you see, hear and feel which is usually random and dont forget that we were originally talking about encryption! if someone wants to crack my AES128 encrypted drive he doesnt know any passwords i created so he cant know any patterns in my thoughts if they really exist and so he wont be able to guess the 40 random characters! Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
