[cryptography] random number generator

dj at deadhat.com dj at deadhat.com
Thu Nov 20 12:41:28 EST 2014


>>> Plz excuse if inappropriate.  Does anyone know of a decent (as in
>>> really
>>> random) open source random generator?  Preferably in PHP or C/C++?
>>>
>>> Thanks.

Getting back to the initial question, the answer I think is 'no'.

You haven't expressed clearly what you want from this RNG, but you're
asking in a crypto forum and you said 'really random', which I take to
mean you want something that is suitable for crypto applications, like
generating keys, feeding key search algorithms, random IVs, nonces and all
the other fun stuff we do. I take it to mean you are not just looking for
a CS-PRNG.

For this you need an algorithm that
A) Measures the physical world in a way that translates quantum
uncertainty into digital bits with a well defined min-entropy.

and
B) Cryptographically processes these numbers such that they are
unpredictable (in specific ways) and indistinguishable from random.

and maybe
C) Uses that to seed a CS-PRNG to give you lots of numbers with low
overhead and guaranteed computational bounds on the adversary.

An algorithm in C, C++ or PHP in isolation cannot offer the necessary
properties because those languages can only be used to express
deterministic behaviors.

The hardware you run on must provide the source of non-determinism. This
could be by sampling local physical events that happen to be entropic or
from a local entropy source circuit, or by reaching out over the internet
to other sources (this has issues) or a combination of all three.

In a pinch you can look at the whole system and assume entropy is leaking
in through its pores, and then sample the system state in complicated
ways. But this approach is tightly bound to the chosen system. It is not
portable.

So knowing this, you can know what to go looking for.

1) A physical source of entropy -> Check your hardware specs
2) An entropy extractor -> http://en.wikipedia.org/wiki/Randomness_extractor
3) A CS-PRNG ->
http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator

Code for 2 and 3 is spread all over the internet.

For 1, buy one, buy a computer that has one or get out your soldering
iron. Bill Cox has been discussing his interesting design for such a thing
right here.

DJ
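
The three stages DJ lists (a physical source with a stated min-entropy, an extractor, and a CSPRNG seeded from it) as one runnable pipeline. This is an added example, not code from DJ or from the list; stage 1 is the part software cannot supply, so the raw samples below are constructed with a known distribution purely so the arithmetic is checkable, and a real deployment replaces `RAW_SAMPLES` with reads from a hardware noise source. The estimator is the most-common-value estimate from NIST SP 800-90B (only one of its estimators, and only valid for IID samples), the conditioner is HMAC-SHA256 with a fixed domain-separation key, and the CSPRNG is HMAC_DRBG from SP 800-90A; `RESEED_INTERVAL` and the 2x input-entropy rule are assumptions chosen for the example.

```python
"""Entropy source -> conditioner -> CSPRNG, the three stages from the post.

Added example, not DJ's code. RAW_SAMPLES is CONSTRUCTED with a known
distribution; real code reads a hardware noise source here (stage 1).
"""
import hashlib
import hmac
import math
from collections import Counter

RESEED_INTERVAL = 10_000  # assumption: cap on generate() calls between reseeds


def min_entropy_per_sample(samples):
    """Most-common-value estimate, -log2(p_max), in bits per sample.

    Simplest SP 800-90B estimator; assumes IID samples. A real assessment
    runs the full estimator suite on raw source data, not this alone.
    """
    counts = Counter(samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


def required_samples(h_min_per_sample, out_bits=256):
    """Samples needed so the conditioner input carries 2*out_bits of min-entropy.

    Twice the output size is the SP 800-90B condition for claiming
    full-entropy output from a vetted conditioning function.
    """
    return math.ceil(2 * out_bits / h_min_per_sample)


def condition(samples, h_min_per_sample, out_bits=256):
    """Stage 2: compress raw samples into a uniform seed with HMAC-SHA256.

    HMAC with a fixed key is a vetted conditioning function in SP 800-90B;
    the key is a domain separator, not a secret.
    """
    needed = required_samples(h_min_per_sample, out_bits)
    if len(samples) < needed:
        raise ValueError(f"need {needed} samples at {h_min_per_sample:.2f} "
                         f"bits each, got {len(samples)}")
    raw = bytes(samples)  # each sample is one 8-bit value from the source
    return hmac.new(b"entropy-conditioner-v1", raw, hashlib.sha256).digest()[: out_bits // 8]


class HmacDrbg:
    """Stage 3: HMAC_DRBG (SP 800-90A) with SHA-256, no personalization/PR."""

    def __init__(self, seed_material):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self.reseed_counter = 0
        self.reseed(seed_material)

    @staticmethod
    def _prf(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        self.K = self._prf(self.K, self.V + b"\x00" + provided_data)
        self.V = self._prf(self.K, self.V)
        if provided_data:
            self.K = self._prf(self.K, self.V + b"\x01" + provided_data)
            self.V = self._prf(self.K, self.V)

    def reseed(self, seed_material):
        """Mix fresh conditioned entropy into the state and reset the counter."""
        self._update(seed_material)
        self.reseed_counter = 1

    def generate(self, n_bytes):
        """Return n_bytes of output; refuses once the reseed interval is used up."""
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        out = b""
        while len(out) < n_bytes:
            self.V = self._prf(self.K, self.V)
            out += self.V
        self._update(b"")  # backtracking resistance: old outputs not recoverable from K, V
        self.reseed_counter += 1
        return out[:n_bytes]


# Constructed raw samples: value 0 with probability exactly 1/4, the rest spread
# over 1..255, so H_min = -log2(0.25) = 2 bits per 8-bit sample.
RAW_SAMPLES = [0] * 250 + [1 + (i % 255) for i in range(750)]


def build_rng(samples):
    """Stages 1-3 end to end: estimate, condition, then seed the DRBG."""
    h_min = min_entropy_per_sample(samples)
    seed = condition(samples, h_min)
    return HmacDrbg(seed)


if __name__ == "__main__":
    rng = build_rng(RAW_SAMPLES)
    print(f"H_min ~ {min_entropy_per_sample(RAW_SAMPLES):.2f} bits/sample")
    print("key:", rng.generate(32).hex())
    print("iv: ", rng.generate(16).hex())
```

The point of the sample-count check in `condition` is that an extractor cannot create entropy: with 2 bits per byte of source output, a 256-bit seed needs at least 256 raw samples under the 2x rule, and the function refuses to run with fewer rather than emitting a seed that looks uniform but is not. On a general-purpose OS the kernel already performs all three stages and exposes the result through getrandom(2) or `os.urandom`, which is what application code should normally call; the pipeline above is what you build when you are the one supplying the hardware source.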



