[cryptography] random number generator
kevinsisco61784 at gmail.com
Sat Nov 22 12:20:29 EST 2014
On 11/22/2014 4:08 AM, James A. Donald wrote:
> On 2014-11-22 03:01, dj at deadhat.com wrote:
>>> Rather than me listing "names", why not just let it rip and run your
>>> randomness tests on it?
>> Because that won't tell me if you are performing entropy extraction.
>> Jytter assumes an x86 machine with multiple asynchronous clocks and
>> nondeterministic physical devices. This is not a safe assumption. Linux
>> assumes entropy in interrupt timing and this was the result
>> This falls under the third model of source in my earlier email. Your
>> extractor might look simple, but your system is anything but simple and
>> entropy extracted from rdtsc and interrupts amounts to squish.
>> Looking at the timing on your system and saying "it looks random to me"
>> does not cut it. Portable code has to have a way to know system timing is
>> random on every platform it runs on. The above paper shows that it
>> Jytter does something neat but the broad claims you are making and the
>> broader claims the Jytter web site makes do not pass the sniff test.
> By and large, usually, interrupt timing is somewhat random, and, if
> not random, unknowable to the adversary.
> But this is not guaranteed, and likely to be untrue if you have
> several identical systems, such as routers, which need randomness at
> boot up. All your routers are likely to wind up generating keys from a
> rather small set of possible keys.
> It is extremely easy to get true randomness, or at least randomness
> unknowable to the adversary. It is extremely hard to get true
> randomness reliably in an unknown or arbitrary system. You really have
> to tinker your entropy collection to your situation, to your
> particular system.
> 128 bits of entropy is enough for forever, so the big problem is start
> A long running system is bound to have plenty of entropy - anything
> more than 128 is plenty. So if it writes a unique secret key to each
> boot up image, and each boot up has access to a good approximation to
> the current time, we are golden.
> cryptography mailing list
> cryptography at randombit.net
If this was already brought up I apologize, but how about looking into
the NIST Randomness Beacon?
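The failure mode James A. Donald describes in the quoted text (a fleet of identical routers that all key from boot-time interrupt timing, so their keys come from a small set) and his suggested remedy (a unique secret baked into each boot image, mixed with the clock) can be shown with a short simulation. This is an added example, not code from either poster, from Jytter, or from the Linux kernel; the 10-bit jitter model, the fleet size and the fixed boot clock are constructed assumptions, and the HMAC-based mixing step is the example's own choice of extractor.

```python
import hashlib
import hmac
import random
import struct

# Assumption: on identical hardware, interrupt/rdtsc timing at first boot
# yields only about 10 bits of unpredictability. Constructed for the example.
BOOT_JITTER_BITS = 10


def boot_jitter_sample(rng):
    """Stand-in for the 'entropy' a box collects from timing at first boot."""
    return rng.getrandbits(BOOT_JITTER_BITS)


def derive_key_from_jitter_only(sample):
    """Key derived solely from the low-entropy timing sample (the weak case)."""
    return hashlib.sha256(struct.pack(">Q", sample)).digest()


def derive_key_with_device_secret(device_secret, sample, boot_time):
    """Key derived by mixing a per-device secret with the sample and the clock.

    The per-device secret is what makes two otherwise identical boxes differ.
    """
    msg = struct.pack(">QQ", sample, boot_time)
    return hmac.new(device_secret, msg, hashlib.sha256).digest()


def recover_jitter_only_key(key):
    """What the adversary does to a jitter-only key: try every candidate sample."""
    for candidate in range(1 << BOOT_JITTER_BITS):
        if derive_key_from_jitter_only(candidate) == key:
            return candidate
    return None


def simulate_fleet(n_devices, seed=2014):
    """Boot n identical devices; return (distinct weak keys, distinct mixed keys)."""
    rng = random.Random(seed)           # seeded so the run is reproducible
    weak_keys, mixed_keys = set(), set()
    boot_time = 1416655229              # constructed: every box sees about the same clock
    for _ in range(n_devices):
        sample = boot_jitter_sample(rng)
        # Constructed stand-in for a unique secret written into each boot image.
        device_secret = rng.getrandbits(256).to_bytes(32, "big")
        weak_keys.add(derive_key_from_jitter_only(sample))
        mixed_keys.add(derive_key_with_device_secret(device_secret, sample, boot_time))
    return len(weak_keys), len(mixed_keys)


if __name__ == "__main__":
    weak, mixed = simulate_fleet(5000)
    print(f"5000 devices, jitter-only keys: {weak} distinct (at most {1 << BOOT_JITTER_BITS})")
    print(f"5000 devices, mixed-secret keys: {mixed} distinct")
    victim = derive_key_from_jitter_only(boot_jitter_sample(random.Random(7)))
    print("jitter-only key recovered by brute force:", recover_jitter_only_key(victim) is not None)
```

The brute-force helper is the point of the exercise: a key drawn from a 10-bit set is recovered by enumerating 1024 hashes, whichever extractor sits between the timing source and the key, whereas the per-device secret makes every key distinct even though the timing sample and the clock are shared across the fleet.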