tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: new random pseudodevice



On Fri, 09 Dec 2011, Pawel Jakub Dawidek wrote:
You are aware of the fact that 99.99% of computers don't have true random number generators and the bits you claim that are random are not random at all? They try to be unpredictable.

I believe that there is a truly random component to air turbulence inside mechanical disk drives, and that some of the randomness can be harvested in timing measurements. I believe that there is a truly random component to the relationship between two uncoupled oscillators, and that some of that randomness can be harvested in timing measurements. I believe that there is a truly random component to the noise produced by an amplifier, and that some of that randomness can be harvested by an A/D converter. I believe that most computers have hardware capable of exploiting some of this randomness. I believe that this randomness is of thermodynamic and quantum origin, that it's difficult to estimate how many bits of entropy are theoretically present, and even more difficult to estimate how many bits of entropy are actually harvested.

CSPRNG have two roles: turn few almost unpredictable bits that your machine can gather into many cryptographically secure pseudo-random bits and to hide those almost unpredictable bits from consumers.

Yes.

Returning gathered entropy directly is very, very risky.

Yes.

--apb (Alan Barrett)


Home | Main Index | Thread Index | Old Index