Re: random numbers

From: Kris Kennaway (kris@obsecurity.org)
Date: 03/04/01


Date: Sat, 3 Mar 2001 20:11:40 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Joseph Gleason <clash@fireduck.com>


On Sat, Mar 03, 2001 at 10:40:58PM -0500, Joseph Gleason wrote:
> Would /dev/urandom be acceptable for use in a one time pad encryption
> system? Such a system is only as strong as the random number generator used
> to generate the keys.
>
> I get the feeling that /dev/random would be a much better choice, but key
> generation with that would be much slower.

/dev/urandom would probably be okay, but for best results use /dev/random.

> Does anyone know of any hardware that isn't to expensive and generates good
> random numbers?

I've read analyses of commercial RNG hardware which indicates they're
often in fact not very good, in that the output isn't as random as
claimed (but it's still fine to use as a source of entropy in a mixing
function like what /dev/random does). YMMV.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message