tech-security archive


Re: Patch: new random pseudodevice

On Fri, Dec 09, 2011 at 02:33:49PM -0500, Mouse wrote:
> > You are aware of the fact that 99.99% of computers don't have true
> > random number generators and the bits you claim that are random are
> > not random at all?
> Actually, practically all computers have true random number generators.
> The first problem is that neither they nor their interfaces are
> designed as such, so getting the randomness out of them and into the
> system is...interesting.  The second problem is that nobody really
> knows just how good the resulting randomness is - that is, while there
> is true randomness there, nobody knows just how much information
> content there is in each "random" bit.  (The latter is one reason for
> whitening input bits as they are gathered.)
> These random number generators are things like the turbulence inside
> disk drives and the noise in sound input.

That's the problem. They might seem random, but they are not. They
weren't designed as true random number generators, so they can't be
trusted either to generate true random numbers or to be resistant to
various attacks. For example, how does your sound card handle very loud,
continuous noise? Does it generate random numbers then? Do sound card
manufacturers test that? No. Sound input, on the other hand, can be a nice
entropy source, one of many, for a CSPRNG.

Pawel Jakub Dawidek             
FreeBSD committer               
Am I Evil? Yes, I Am!           
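
Added example, not part of the original message or of the patch under discussion: a minimal health check of the kind a collector could run on raw sound samples before crediting them with entropy, showing what the "very loud, continuous noise" case looks like to it. The ADC model `sample_adc`, its gain values and the buffer size are constructed assumptions; the cutoff follows the repetition count test formula in NIST SP 800-90B.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define N 4096
#define RCT_CUTOFF 21 /* 1 + ceil(20 / H): alpha = 2^-20, claimed H = 1 bit/sample */

/* Repetition count test: 1 if some value occurs `cutoff` times in a row. */
static int rct_fails(const uint8_t *s, size_t n, unsigned cutoff)
{
    unsigned run = 1;
    for (size_t i = 1; i < n; i++) {
        run = (s[i] == s[i - 1]) ? run + 1 : 1;
        if (run >= cutoff)
            return 1;
    }
    return 0;
}

/* Share of the most common sample value, in parts per thousand. */
static unsigned mcv_permille(const uint8_t *s, size_t n)
{
    size_t count[256] = {0}, max = 0;
    for (size_t i = 0; i < n; i++)
        if (++count[s[i]] > max)
            max = count[s[i]];
    return (unsigned)(max * 1000 / n);
}

/* Constructed stand-in for an 8-bit ADC (not real entropy): a mid-scale level
 * plus 6 bits of xorshift noise, multiplied by `gain` and clipped at 255. */
static void sample_adc(uint8_t *out, size_t n, unsigned gain)
{
    uint32_t x = 2463534242u;
    for (size_t i = 0; i < n; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        unsigned v = (96 + (x & 0x3f)) * gain;
        out[i] = v > 255 ? 255 : (uint8_t)v;
    }
}

int main(void)
{
    static uint8_t quiet[N], loud[N];
    sample_adc(quiet, N, 1); /* normal input level */
    sample_adc(loud, N, 4);  /* overdriven input: every sample clips */
    printf("quiet: rct_fail=%d mcv=%u/1000\n", rct_fails(quiet, N, RCT_CUTOFF), mcv_permille(quiet, N));
    printf("loud:  rct_fail=%d mcv=%u/1000\n", rct_fails(loud, N, RCT_CUTOFF), mcv_permille(loud, N));
    return 0;
}
```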

