[cryptography] random number generator
James A. Donald
jamesd at echeque.com
Sat Nov 22 04:08:31 EST 2014
On 2014-11-22 03:01, dj at deadhat.com wrote:
>> Rather than me listing "names", why not just let it rip and run your own
>> randomness tests on it?
> Because that won't tell me if you are performing entropy extraction.
>
> Jytter assumes an x86 machine with multiple asynchronous clocks and
> nondeterministic physical devices. This is not a safe assumption. Linux
> assumes entropy in interrupt timing and this was the result
>
> This falls under the third model of source in my earlier email. Your
> extractor might look simple, but your system is anything but simple and
> entropy extracted from rdtsc and interrupts amounts to squish.
>
> Looking at the timing on your system and saying "it looks random to me"
> does not cut it. Portable code has to have a way to know system timing is
> random on every platform it runs on. The above paper shows that it isn't.
>
> Jytter does something neat but the broad claims you are making and the
> broader claims the Jytter web site makes do not pass the sniff test.
By and large, usually, interrupt timing is somewhat random, and, if not
random, unknowable to the adversary.

But this is not guaranteed, and likely to be untrue if you have several
identical systems, such as routers, which need randomness at boot up.
All your routers are likely to wind up generating keys from a rather
small set of possible keys.

It is extremely easy to get true randomness, or at least randomness
unknowable to the adversary. It is extremely hard to get true
randomness reliably in an unknown or arbitrary system. You really have
to tinker your entropy collection to your situation, to your particular

128 bits of entropy is enough for forever, so the big problem is start up.
A long running system is bound to have plenty of entropy - anything more
than 128 is plenty. So if it writes a unique secret key to each boot up
image, and each boot up has access to a good approximation to the
current time, we are golden.
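An added illustration of the fleet-of-identical-routers problem and the per-image-secret fix described above (example code, not from this thread or from Jytter): the seed construction HMAC(image_secret, boot_time || interrupt_jitter) and the simulated fleet are assumptions of the example, not anything the post specifies.

```python
import hashlib
import hmac


def boot_seed(image_secret: bytes, boot_time: int, interrupt_jitter: bytes) -> bytes:
    """Derive a 256-bit boot seed from the three inputs the post mentions.

    The per-image secret is the HMAC key, so even if the clock and the
    interrupt timing are predictable, an adversary without that secret
    cannot reconstruct the seed. Time and jitter still add whatever they have.
    """
    msg = boot_time.to_bytes(8, "big") + interrupt_jitter
    return hmac.new(image_secret, msg, hashlib.sha256).digest()


def first_key(seed: bytes, label: bytes = b"host-key") -> bytes:
    # First output of a minimal hash-based DRBG: SHA-256(seed || label || counter).
    return hashlib.sha256(seed + label + (0).to_bytes(4, "big")).digest()


def distinct_fleet_keys(n: int, per_image_secret: bool,
                        jitter_states: int, boot_time: int) -> int:
    """Boot n identical routers at the same time, return how many distinct keys result.

    jitter_states models how few distinct interrupt-timing observations a fleet of
    identical hardware booting from identical flash actually produces (constructed).
    Without a per-image secret the number of possible keys collapses to that count.
    """
    keys = set()
    for i in range(n):
        # Constructed secrets: a real build would write os.urandom(16) into each image.
        secret = i.to_bytes(16, "big") if per_image_secret else b"\x00" * 16
        jitter = (i % jitter_states).to_bytes(2, "big")
        keys.add(first_key(boot_seed(secret, boot_time, jitter)))
    return len(keys)


if __name__ == "__main__":
    t = 1416646111  # constructed boot time (seconds)
    print("shared image, 1000 routers, distinct keys:", distinct_fleet_keys(1000, False, 16, t))
    print("unique secret per image, 1000 routers, distinct keys:", distinct_fleet_keys(1000, True, 16, t))
```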