[cryptography] random number generator

Stu stuart.christmas at gmail.com
Thu Nov 20 19:28:05 EST 2014


Jytter does all of this and has been validated and proven by the world's leading random number experts. It's been validated as a TRNG (not a PRNG) that operates in userspace. And it's only 11 assembly language instructions.

Sent from my iPhone

> On 21 Nov, 2014, at 1:41, dj at deadhat.com wrote:
> 
> 
>>>> Plz excuse if inappropriate.  Does anyone know of a decent (as in
>>>> really
>>>> random) open source random generator?  Preferably in PHP or C/C++?
>>>> 
>>>> Thanks.
> 
> Getting back to the initial question, the answer I think is 'no'.
> 
> You haven't expressed clearly what you want from this RNG, but you're
> asking in a crypto forum and you said 'really random', which I take to
> mean you want something that is suitable for crypto applications, like
> generating keys, feeding key search algorithms, random IVs, nonces and all
> the other fun stuff we do. I take it to mean you are not just looking for
> a CS-PRNG.
> 
> For this you need an algorithm that
> A) Measures the physical world in a way that translates quantum
> uncertainty into digital bits with a well defined min-entropy.
> 
> and
> B) Cryptographically processes these numbers such that they are
> unpredictable (in specific ways) and indistinguishable from random.
> 
> and maybe
> C) Uses that to seed a CS-PRNG to give you lots of numbers with low
> overhead and guaranteed computational bounds on the adversary.
> 
> An algorithm in C, C++ or PHP in isolation cannot offer the necessary
> properties because those languages can only be used to express
> deterministic behaviors.
> 
> The hardware you run on must provide the source of non-determinism. This
> could be by sampling local physical events that happen to be entropic or
> from a local entropy source circuit, or by reaching out over the internet
> to other sources (this has issues) or a combination of all three.
> 
> In a pinch you can look at the whole system and assume entropy is leaking
> in through its pores, and then sample the system state in complicated
> ways. But this approach is tightly bound to the chosen system. It is not
> portable.
> 
> So knowing this, you can know what to go looking for.
> 
> 1) A physical source of entropy -> Check your hardware specs
> 2) An entropy extractor -> http://en.wikipedia.org/wiki/Randomness_extractor
> 3) A CS-PRNG ->
> http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
> 
> Code for 2 and 3 is spread all over the internet.
> 
> For 1, buy one, buy a computer that has one or get out your soldering
> iron. Bill Cox has been discussing his interesting design for such a thing
> right here.
> 
> DJ
> 
> 
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
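The three-stage structure DJ lays out above (physical source, entropy extractor, CS-PRNG) as an added Python example; it is not code from either post. The raw samples are a constructed stand-in with a known bias (a real design measures hardware), the extractor is a SHA-256 conditioner gated on a min-entropy estimate, and the CS-PRNG stage is HMAC_DRBG from SP 800-90A with SHA-256.

```python
import hashlib
import hmac
import math
from collections import Counter

# Stage A: estimate min-entropy of raw noise-source samples (one byte each) with the
# point estimate of the most-common-value method: H_min = -log2(p_max) bits per sample.
def min_entropy_per_sample(samples: bytes) -> float:
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)

# How many raw samples must be gathered to accumulate `target_bits` of min-entropy.
def samples_needed(h_per_sample: float, target_bits: int = 256) -> int:
    return math.ceil(target_bits / h_per_sample)

# Stage B: entropy extractor / conditioner. SHA-256 over the raw samples yields a 256-bit
# seed that is only full-entropy if the input carried >= 256 bits of min-entropy, so the
# estimate from stage A is enforced before hashing instead of being assumed.
def condition(samples: bytes, h_per_sample: float, target_bits: int = 256) -> bytes:
    if len(samples) * h_per_sample < target_bits:
        raise ValueError("insufficient min-entropy collected for a full-entropy seed")
    return hashlib.sha256(samples).digest()

# Stage C: deterministic CS-PRNG seeded from the conditioned bits: HMAC_DRBG (SP 800-90A)
# with SHA-256, reduced to instantiate/generate (no reseed counter, no personalization).
class HmacDrbg:
    def __init__(self, seed: bytes) -> None:
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes = b"") -> None:
        self.k = hmac.new(self.k, self.v + b"\x00" + data, hashlib.sha256).digest()
        self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()
        if data:
            self.k = hmac.new(self.k, self.v + b"\x01" + data, hashlib.sha256).digest()
            self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()
            out += self.v
        self._update()
        return out[:n]

# Constructed stand-in for raw hardware readings: a fixed 4-symbol pattern with p_max = 1/2,
# i.e. 1 bit of min-entropy per byte. It is NOT a noise source; it only exercises the pipeline.
CONSTRUCTED_SAMPLES = bytes([0, 0, 1, 2]) * 1024

def seed_from_samples(samples: bytes = CONSTRUCTED_SAMPLES) -> tuple:
    h = min_entropy_per_sample(samples)
    return h, samples_needed(h), condition(samples, h)
```

With the constructed samples the estimate is 1 bit per byte, so 256 samples are the minimum before `condition` will hand a seed to `HmacDrbg`; swap in real hardware readings and the same gate applies.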